A method of protecting Java bytecode is provided that includes the steps of encrypting at least one Java class file to produce at least one encrypted Java class file (414a) which is archived in an archive (414). A Java application that depends on the encrypted Java archive (414) is configured to run by first loading an application stub class (414b) and calling an entry point within the application stub class (414b). A method is provided of running a Java application that uses such a previously encrypted Java archive (414). The method includes the steps of loading an application stub class (414b). An entry point within the application stub class (414b) is called thereby to call a secure class loader to enable the at least one encrypted Java class file (414a) to be loaded from the archive (414) and decrypted.