Java 9 - Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

Bradford Wetmore bradford.wetmore at oracle.com
Wed Oct 5 19:53:57 UTC 2016


 > The bane of my existance for the last decade

Us too.

 > See README.txt for details.

Better still, see:

 
http://hg.openjdk.java.net/jdk9/dev/jdk/file/f82971b324f6/src/java.base/share/conf/security/java.security

Lines 807-855

crypto.policydir-tbd defaults to "limited" in an OracleJDK build.  See:

     /jdk9-dev/jdk/make/gendata/Gendata-java.base.gmk

Brad



On 10/5/2016 3:22 AM, Vincent Ryan wrote:
> JDK-8061842 <https://bugs.openjdk.java.net/browse/JDK-8061842> has added
> improvements in JDK 9 to simplify the management of crypto strength.
> See README.txt
> <http://hg.openjdk.java.net/jdk9/dev/jdk/file/f82971b324f6/src/java.base/share/conf/security/policy/README.txt> for
> details.
>
> Adding, 'Security.setProperty(“crypto.policy”, “unlimited”);' or editing
> the java.security configuration file
> will enable unlimited strength.
>
>
>> On 5 Oct 2016, at 09:06, Jeroen Cranendonk <j.p.cranendonk at gmail.com
>> <mailto:j.p.cranendonk at gmail.com>> wrote:
>>
>> Hi!
>>
>> The bane of my existance for the last decade or so has been dealing
>> with errors because the Java Unlimited Strength Jurisdiction Policy
>> Files have not been installed, and finding ways of getting them
>> installed.
>>
>> I was wondering what the state of this is for Java 9?
>>
>> I can't find any Java 9 policy files for the current ea builds of Java 9.
>> But I also can't find any mention of them no longer being required.
>> Worryingly, the old test for whether they're installled, based on AES
>> max cipher length, still gives me 128 (code pasted after this mail),
>> which suggests they are still needed.
>>
>> It seems that the requirement for having unlimited strength
>> jurisdiction policy files has been dropped a long long time ago, but
>> noone ever got around to actually implementing the change:
>> https://bugs.openjdk.java.net/browse/JDK-7024850
>>
>> I was hoping with Java 9 this would finalyl be solved :)
>>
>> Test:
>> import javax.crypto.Cipher;
>> class Test {
>>  public static void main(String[] args) {
>>    try {
>>      System.out.println("Hello World!");
>>      int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
>>      System.out.println(maxKeyLen);
>>    } catch (Exception e){
>>      System.out.println("Sad world :(");
>>    }
>>  }
>> }
>


More information about the security-dev mailing list