Skip to Main Content

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Java Software Licensing.

843810Nov 10 2002 — edited Sep 13 2003

I've noticed that the topic of Java Software licensing has come up a few times on this list recently. I am, like a few others also attempting to implement a software licensing and protection scheme.

I was thinking of doing something along the lines of..

1. Make the license key a hash of the license details and symmetric key which is used to open the encrypted class files. Encrypt the hash and symmetric key with a private key.

2. The program on starting reads the license details from a plain text file. It creates a hash and compares it with the license hash by decrypting the license using an inbuilt public key.

3. If the hash compares ok it starts the class loader with the key also stored in the license string. The class loader loads the encrypted classes.

There are TWO major holes in this scheme:

1. Comparing the Hash from the locally generated one to the encrypted one is a weak point. It wouldn't take much for someone to nop the function. If we were to provide a time expired license the user would have the key to unlock the class files.

2. The java class loader is another weak point. We can create a class loader which decrypts class files using a key; however it is very easy to extract the class files during loading. See link below on class capture tool.

http://www.sys-con.com/java/article2a.cfm?id=1308&count=8097&tot=11&page=6

Can anyone suggest any methods to make the above weak points a little stronger?

Thanks,
David.

PS We would also like the obsfucate the class files, however I need to check how obsfucaters handle reflection and picking up class names in strings. etc. Anyone else had experience with this?
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Oct 11 2003
Added on Nov 10 2002
2 comments
211 views