Java JCE Unlimited strength encryption security policy files

About

Asked 9/3, 2011 at 0:16 Answered 9/3, 2011 at 5:5

Are the JCE policy files (in {java.home}/lib/security) overwritten with the standard strength policy files after a JRE update? or are these left alone on JRE update?

EDIT: Does anyone know if the Mac OS X JRE ships with the unlimited policy files?

Thanks

Jon

Criseyde answered 9/3, 2011 at 0:16 Comment(1)

see here also: #6482127 – Poco 30/3, 2015 at 19:27

In my experience using JCE policy files, it did replace the files and I was frustrated. I ended up replacing the files at first run.

But at the end, using Bouncy Castle API was more appropriate, there was no need to have the unlimited strength files. It was a cleaner solution.

http://www.bouncycastle.org/

Recycle answered 9/3, 2011 at 5:5 Comment(6)

Thanks Mohamed, I'll take another look at bouncycastle, is it straightforward enough to retrofit from using JCE? – Criseyde 9/3, 2011 at 23:47

Just curious, what approach have you taken? I believe the recent versions of Java fixed the issue of auto update (the previous low 6 versions overwritten it) – Recycle 16/3, 2011 at 0:6

I did some testing and found that updates didn't get replaced. Thanks for the bouncycastle info. – Criseyde 18/3, 2011 at 16:31

I found that it is needed when using ElGamal keys even with Bouncycastle. The thing I notice was the Oracle (Sun) JDK needs the two additional jars. For OpenJDK this is not needed. This page could be useful to understand the issues: eyrie.org/~eagle/notes/debian/jce-policy.html – Die 1/2, 2012 at 16:8

@Criseyde Having to replace the policy files on every computer or skipping the JCE entirely are not always satisfactory. Here's another approach to the issue: #1180172 – Eustis 19/3, 2014 at 17:27

I am facing the key-length issue with Java SE 8 Update 144. My web application has been live for over a year now, and changing the encryption code is not an option. I can however replace the policy files. My question is, if I replace existing policy files with unlimited ones, will it wreak havoc on my already encrypted data? IMO, it should not, but I want to be 100% sure before I go about replacing. – Southwards 9/1, 2019 at 11:40

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags