Even if you encrypt the jar file, it must be decrypted before the JVM is able to run it, so you'll need another jar file containing classes that decrypt and loads in the JVM.

即使您加密了 jar 文件，也必须在 JVM 能够运行它之前对其进行解密，因此您需要另一个包含解密和加载到 JVM 中的类的 jar 文件。

Since this second jar file cannot be itself encrypted, a malicious user wanting to see you class files, can simply look at classes in this second jar file, and then decrypt your super-secret jar file and have access to it.

由于第二个 jar 文件本身无法加密，因此恶意用户想要查看您的类文件，只需查看第二个 jar 文件中的类，然后解密您的超级机密 jar 文件即可访问它。

Maybe you can increase security of your code using an obfuscator, but it will eventually protect (make it harder but not impossible) your class files from decompilation, not from being used.

也许您可以使用混淆器提高代码的安全性，但它最终会保护（使其更难但并非不可能）您的类文件免于反编译，而不是被使用。

If obfuscation is not enough, you could consider compiling your jar file to a DLL for windows or a SO for unix/linux, that will make it much harder to decompile, but it's not always possible to do that correctly and it's generally a PITA. GCJ is able to do this somehow, and there are other commercial products that will actually compile .class/.jar directly to machine code.

如果混淆还不够，您可以考虑将您的 jar 文件编译为 Windows 的 DLL 或 unix/linux 的 SO，这将使反编译变得更加困难，但并不总是能够正确地做到这一点，它通常是一个 PITA。GCJ 能够以某种方式做到这一点，还有其他商业产品可以将 .class/.jar 直接编译为机器代码。

However please consider that it does not matter how much security you put in it, since the client computer MUST be able to execute it, it must be able to read it, so no matter what your code will be exposed, you can only make it harder.

但是请注意，您在其中添加了多少安全性并不重要，因为客户端计算机必须能够执行它，它必须能够读取它，所以无论您的代码将暴露什么，您都只能做到更难。

If you really have an algorithm so secret you don't want to disclose no matter what, consider converting it to a web service, hosting it on your server, so that you don't have to send the actual code to the client machines and can also better prevent unauthorized copies of your application by checking access to that vital part of it.

如果你真的有一个非常秘密的算法，你无论如何都不想泄露，考虑将它转换为 Web 服务，将它托管在你的服务器上，这样你就不必将实际代码发送到客户端机器和通过检查对应用程序重要部分的访问，还可以更好地防止未经授权的应用程序副本。

I assume you are aware of the fact that any skilled java coder can reverse-engineer the Java tool you use (or write) and still decode the app's jars? Also writing custom classloaders which read your "encrypted" code can be decompiled and a tool could be written to bypass it.

我假设您知道这样一个事实，任何熟练的 Java 编码员都可以对您使用（或编写）的 Java 工具进行逆向工程，并且仍然可以解码应用程序的 jars？编写读取“加密”代码的自定义类加载器也可以被反编译，并且可以编写一个工具来绕过它。

Even with obfuscation and bytecode modification and custom classloaders, java is hackable/decompileable and the source can almost always be brought to a somewhat readable state.

即使使用混淆和字节码修改以及自定义类加载器，java 也是可破解/可反编译的，并且源代码几乎总是可以达到某种程度的可读状态。

You want to obfuscate, not encrypt, the jar file.

你想混淆，而不是加密，jar 文件。

A popular choice for doing this in Java is ProGuard.

在 Java 中执行此操作的一个流行选择是ProGuard。

No. Since your program needs to be able to run the code it would be pointless anyway.

不。由于您的程序需要能够运行代码，因此无论如何都毫无意义。

You can obfuscate your code though so decompiling the .class files results in less readable code (meaningless variable/class names etc).

您可以混淆您的代码，因此反编译 .class 文件会导致代码可读性降低（无意义的变量/类名称等）。

As far as I know this is not supported by standard JVM. But you can do the following. Separate your application into 2 parts. First will not be encrypted. It will be a simple loader that will instantiate the rest using custom class loader. This class loader will get Classes as arrays of bytes, decrypt and load them.

据我所知，标准 JVM 不支持这一点。但是您可以执行以下操作。将您的应用程序分成 2 部分。首先不会被加密。这将是一个简单的加载器，它将使用自定义类加载器实例化其余部分。这个类加载器将获取类作为字节数组，解密并加载它们。

if you don't want to provide an access to the class files inside the jar, why should you supply your jar with the application? It feels like your question is kind of wrong conceptually...

如果您不想提供对 jar 中类文件的访问权限，为什么要为应用程序提供 jar 呢？感觉你的问题在概念上有点错误......

If you need some custom way of loading the classes, consider to use custom classloader.

如果您需要一些自定义加载类的方式，请考虑使用自定义类加载器。

if you are packaging in jar -> just rename it to jarname.ABCD or any misleading extension or even take off the extension, and accordingly specify the jar name in your application.

如果您在 jar 中打包 -> 只需将其重命名为 jarname.ABCD 或任何误导性的扩展名，甚至取消扩展名，并相应地在您的应用程序中指定 jar 名称。

i prefer jCrypt! It is a simple tool where you can crypt the classes(and ressources)

我更喜欢jCrypt！这是一个简单的工具，您可以在其中加密类（和资源）