How to call java methods in a .jar file from javascript?

Question

I know there are many similar questions on the internet but none of them could solve my doubt. So pardon me. About my project. I have a java file or program that takes a string , encrypts it and then returns the encrypted string to me.

I want to include or keep this java file (.jar file) on the webpage or the client-side. Now I know that we can upload this java program on server side and then easily communicate with it instead of calling keeping it on client-side which most people consider a bad practice.

But my purpose of keeping this jar file on the client side is that JavaScript code for encryption can be easily seen if we inspect element, so compared to it .jar file is more secure and one cannot see underlying encryption code and also if in case the there is network loss then instead of typing the entire string again and getting it encrypted again from the server, I want to save that string in such situation, get it encrypted from the jar file on the client-side so that once network problem is solved I don't need to retype whole message again and then I can directly send the message or the string to the other end or to other user on the network.

So for this I need help regarding how can I store my .jar file on webpage or client-side and then how to call methods from the .jar file using JavaScript. I know applets are deprecated, chrome does not support java. I have also seen some examples on internet like https://docs.oracle.com/javase/tutorial/deployment/applet/invokingAppletMethodsFromJavaScript.html but Its not working properly for me.

So I am in search of some ideal method by which I can first of all include or upload .jar file on client-side and then a method by which I can call java methods from .jar file using JavaScript. Please help... My earnest request...!

Answer 1

JavaScript code for encryption can be easily seen if we inspect element

I'm assuming you mean embedded Javascript here. Because you can refer to an external JS files which are located on the web server, not the client machine.

The browser may cache your script file somewhere locally but if one were bothered enough to dig it up, he might as well decompile your jar file which is much more easier.

Answer 2

• Java can easily be decompiled. A jar file on the client will not be more secure than client-side JavaScript.
• An encryption method that is compromised by looking at its code is not secure.

Answer 3

You seem to have many misconceptions... here are some facts for you to consider:

1. A JAR file (as either an application, WebStart or applet) running on client-side is NOT secure. If it runs on my computer, I can do anything I want. I can download the JAR file and decompile it. It's no better than JavaScript in this regard, it just takes slightly more effort and knowledge.

2. To protect data between client and server, you can simply use HTTPS and POST the data from web page to your server.

3. If client is encrypting data to you, there should be nothing to hide about the encryption process. The client generates a session key to encrypt the data, then wrap that session key by your server's public key. Then client send both encrypted data and wrapped session key to your server. Read more about Public Key Infrastructure (PKI): https://en.wikipedia.org/wiki/Public_key_infrastructure

4. By default a Java applet/WebStart is not granted access to disk. You must sign it to write data to disk, and user/security policies can still deny granting those access rights. ( Applet - Unable to write file )

5. As you are aware of it, applet/WebStart is dying because of browsers rejecting plugins. There's Web Cryptography API (it's not mature, and there's no hardware support), you can try that instead. https://www.w3.org/TR/WebCryptoAPI/