In an app, I Have a network server and clients.
After a handshake, let’s say the client sends "userId sessionId SOME_COMMAND param param param".

I have already identified the client and the sessionId is checked on the server accordingly, so identity is no more an issue.

But I’d like to prevent a hacker to modify the message or create a false one, for example sending "userId sessionId SOME_COMMAND paramModified paramModified paramModified".

I thought about using a pair of private/public encryption keys, and send the hash of the message in the message itself. But since it’s automated in the client program, I may have to send the public key during the handshake. So the hacker could simply retrieve it and generate the proper hash.

I could also use complex encryption seeds or algorithms, but my experience with hackers has shown me that they will decompile anything.

So the bottom line is: I can hide everything that runs on the server, but I can’t hide anything on the client program. And I’d like to to forbid to modify the message that the client program is supposed to send.

I don’t even know if it’s possible. And I’m opened to any suggestion. And by the way, I’m using Java, although it should not be very relevant. Thanks.