Blog di Bernardino (Dino) Ciuffetti

16 Apr 16 How to check if JCE Unlimited Strength policy is installed

JCE Unlimited Strength policy files are two files distributed by Oracle (this is for jdk8: that must be installed inside your JDK/jre/lib/security path if you want to unlock high strength cryptographic security for you java environment.

You need it for sure in a server environment outside USA.

If you don’t have this stuff installed, your jboss, tomcat, or any other server or client with a keylength higher than 1024 will not work.
To enable JCE Unlimited Strength you simply need to unzip the file downloaded from Oracle and copy US_export_policy.jar and local_policy.jar files in <JDK>/jre/lib/security.

You can check if JCE is unlimited using this command:

jrunscript -e ‘exit (javax.crypto.Cipher.getMaxAllowedKeyLength(“RC5”) >= 256);’; if [ $? -eq 1 ]; then echo “JCE Unlimited OK”; else echo “JCE NOT Unlimited”; fi

The jrunsctipt command is installed inside your JDK/bin path.


Lascia un commento