如何保护/加密 Java 类?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4257027/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can you protect/encrypt your Java classes?
提问by greuze
Some time ago, in my work I needed to protect some classes against other people to read the code. For that purpose, I created a EncryptedClassLoader, that loaded previously encrypted classes, and can load normal (not encrypted) classes as well. Working in that way was a little complicated, and testing too (compile, then encrypt, and then decrypt).
前段时间,在我的工作中,我需要保护一些类不被其他人阅读代码。为此,我创建了一个 EncryptedClassLoader,它加载以前加密的类,也可以加载普通(未加密)的类。以这种方式工作有点复杂,测试也是如此(编译,然后加密,然后解密)。
Is there any free framework to do what I needed, and is easy to handle? I mean, not only obfuscate, but also encrypt the files, so none can read or debug that part of code. It would also be great that I can change the keys for encryption easily (in my application, it was hardcoded).
有没有免费的框架可以做我需要的,并且易于处理?我的意思是,不仅混淆,而且加密文件,所以没有人可以读取或调试那部分代码。我可以轻松更改加密密钥也很棒(在我的应用程序中,它是硬编码的)。
Thanks in advance.
提前致谢。
回答by Jason Nichols
Short answer, you can't. Encryption doesn't work. Here's an oldish article about why it's pointless to use an encrypted class loader:
简短的回答,你不能。加密不起作用。这是一篇关于为什么使用加密的类加载器毫无意义的古老文章:
Unfortunately, you would be wrong, both in thinking that you were the first to come up with this idea and in thinking that it actually works. And the reason has nothing to do with the strength of your encryption scheme.
不幸的是,您既认为自己是第一个提出这个想法的人,又认为它确实有效,那就错了。原因与您的加密方案的强度无关。
You can obfuscate it, but that will only go so far, and in the end I'm a firm believer that your time would be better spend fixing bugs or adding features.
你可以混淆它,但这只能到此为止,最后我坚信你的时间最好花在修复错误或添加功能上。
回答by Gerco Dries
Encryption doesn't add much safety to obfuscation. Anyone that is able to run your program will also be able to dump the decypted bytecode to disk. I assume this is why encrypting the bytecode isn't very common, where signing it is for example.
加密不会为混淆增加太多安全性。任何能够运行您的程序的人也可以将解密的字节码转储到磁盘。我认为这就是为什么加密字节码不是很常见的原因,例如签名。
If you do want to encrypt your bytecode, make sure you also obfuscate it and I think the method you are currently using would work just fine without adding any frameworks or libraries.
如果您确实想加密您的字节码,请确保您也对其进行了混淆,我认为您当前使用的方法无需添加任何框架或库即可正常工作。
回答by J.Profi
We use the JarProtectorlibrary to encrypt our jar files. No obfuscation, but only encryption. There is no option to change the encryption key, but defineClass() will never be called.
我们使用JarProtector库来加密我们的 jar 文件。没有混淆,只有加密。没有更改加密密钥的选项,但绝不会调用defineClass()。
回答by Yongfa Lin
You can try VLINX Java Protector, it makes a native ClassLoader by modify JVM to encrypt and decrypt the class data, not the ClassLoader written in Java, can effectively protect your java code
你可以试试VLINX Java Protector,它通过修改JVM来加密和解密类数据来制作一个原生的ClassLoader,而不是Java编写的ClassLoader,可以有效地保护你的java代码
回答by Qwerky
The only way you can protect your code is simply to not allow the user to run it. Instead of distributing an application, sell access to an online service. Your code is then sat on a server and the only thing you're exposing is the interface.
保护代码的唯一方法就是不允许用户运行它。不是分发应用程序,而是出售对在线服务的访问权限。然后您的代码位于服务器上,您暴露的唯一内容就是界面。
The alternative is to protect your code with contracts and lawyers, but unless you wrote something reallygood then this is going to cost you more than the revenue you'd otherwise have lost.
另一种选择是通过合同和律师来保护您的代码,但除非您写的东西非常好,否则这将比您损失的收入要多。
