Networking and Unix

Creating a Windows Executable Bundled with Java OpenJDK

July 19th, 2018

In the past I have been a great fan of Launch4j which I have used on projects like TemplateFx to create a single Windows executable for my Java application. This has always relied on the end user having a version of Java installed as it wasn’t able to support bundling a JRE into the actual EXE file.

Over the last 12 months or so the development model of Java has changed – instead of having a new release every 3 years, we are now seeing a new release every 6 months. Java 11 will also be the first release where we don’t have a public Oracle JRE available for non-commercial use. Oracle will continue to provide support for Java 8 up until 2019/2020, but beyond Java 8 they expect you to start using OpenJDK for non-commercial use (64-bit only as they dropped support for 32-bit with Java 9) and recommend you bundle OpenJDK with your applications – see

With this in mind, I am looking at ways that I can continue to advance the code beyond Java 8, but still provide a solution that works for people – it is unlikely that people will upgrade beyond Java 8 as Oracle isn’t automatically updating people beyond it. It is also unlikely that people will go out of their way to download OpenJDK, hence the reason for this post.

Under Project Jigsaw introduced in Java 9, where the JRE is now split out into smaller run-time modules, it has now become feasible to start bundling a version of the JRE with your application (this does have some disadvantages unless you update your application when the JRE is updated). Historically if you tried to bundle a JRE with your application then you would end up with a 200MB executable, but this post will show you how I was able to bundle OpenJDK 10 with my TemplateFx distribution, taking up a total of around 25MB.


General Java

Updated Encryption Routines in TemplateFx v2.54

August 12th, 2016

In the spirit of public disclosure as all encryption/decryption routines should be publicly available for scrutiny, the following article includes the updated routines which are within TemplateFx v2.54. Previously TemplateFx was using AES-128 for encryption and HMAC-SHA256 for authentication. The keys were being derived using PBKDF2 with HMAC-SHA1 using 100,000 iterations. However, I wasn’t completely happy with the following bits:

  1. I was using PBKDF2 with HMAC-SHA1 as the PRF (pseudo-random function) which didn’t provide enough output for my HMAC-SHA256 key (160 bit output instead of 256 bit). This also meant I had to run PBKDF2 twice, which was a bit messy – once for my AES-128 key and once (with a different salt) for my HMAC-SHA256 key.
  2. My HMAC wasn’t across all the data – I was just including the ciphertext, which means someone could have changed my encryption salt to manipulate my decrypted ciphertext while still passing the HMAC authentication check.
  3. There was no support for AES-256 if the user had decided to install the “Java Cryptography Extension Unlimited Strength Jurisdiction Policy Files”.



AES Encryption with HMAC Integrity in Java

April 19th, 2015

UPDATED: 12th August 2016

I recently came across a requirement to provide password based encryption and decryption of data in a Java program. I initially assumed I just needed to pass my data through some internal Java “encrypt (plaintext, password)” type function and all would be fine. Unfortunately I found it isn’t quite as simple as this and there are quite a few pitfalls you need to overcome if you want to do this securely and properly.

I also wanted to work within the limitations of Java and only use native libraries (e.g. “javax.crypto”), which rules out the popular Bouncy Castle cryptographic library – rolling your own crypto functions is also a very bad idea (repeat “very bad idea”) as even the experts can get it wrong sometimes. I also wanted to ensure it worked with Java 7, which rules out some of the newer more modern modes of AES like GCM (Galois/Counter Mode).


General Cryptography Java

Tracking Downloads with Google Analytics

April 27th, 2014

Google Analytics does a very good job at tracking page views out of the box, but requires a bit more technical expertise to successfully track download events. There are lots of different WordPress plugins available, but they all seem very complicated and none seemed to track download events out of the box. With this in mind I decided to come up with a simple solution that only requires a single line to be included in your header section for it to track page views and download events.


General Google Analytics JavaScript

The Impending Death of Java on MacOS

April 22nd, 2014

It seems Apple’s long-term goal is to eventually drive a wooden stake through any technology that doesn’t adhere to their vision of the future. Before they had finished putting the final nails in the coffin of Flash, they had moved on to Java and placed it firmly within their crosshairs. This hasn’t been totally unwarranted though: Oracle has had a lot of bad press recently (and Sun historically) with respect to Java security, which has resulted in Apple disabling Java in the browser on numerous occasions until exploits and vulnerabilities have been patched – a strategy that some think was drastic, but it places pressure on vendors to fix things quickly and in this case, it appears to have worked.


General Java MacOS Security
