Connecting Infrastructure, Connecting Research

Installing the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files

 

If you exported your PKCS#12 file from your browser and used a password that is greater than 7 characters, you may need to download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files so that Java applications such as the GSI-SSHTerm can read this file. This is a matter of U.S. policy and U.S. export controls (not due to technical reasons).
Without these files, you may encounter an "Illegal Key Size" Error when accessing PKCS#12 files

Download the required files from (see 'Other Downloads' at the bottom of the page'):
http://www.oracle.com/technetwork/java/javase/downloads/index.html (for Java 6)
http://www.oracle.com/technetwork/java/javase/downloads/index-jdk5-jsp-142662.html (for Java 5)

 

Installation instructions:

1) Download the unlimited strength JCE policy files.

2) Uncompress and extract the downloaded file.

This will create a subdirectory called jce.This directory contains the following files:

  • README.txt
  • COPYRIGHT.html Copyright information
  • local_policy.jar Unlimited strength local policy file
  • US_export_policy.jar Unlimited strength US export policy file

 

3) Install the unlimited strength policy JAR files.

The standard place for JCE jurisdiction policy JAR files is:

<java-home>/lib/security [Unix]
<java-home>\lib\security [Win32]

Notes:

o <java-home> refers to the directory where the Java SE Runtime Environment (JRE) was installed. It is determined based on whether you are running JCE on a JRE with or without the JDK installed. The JDK contains the JRE, but at a different level in the file hierarchy. For example, if the JDK is installed in: /home/user1/jdk1.6.0’ on Unix or in ‘C:\jdk1.6.0’ on Win32, then <java-home> is:

/home/user1/jdk1.6.0/jre [Unix]
C:\jdk1.6.0\jre [Win32]

If on the other hand the JRE is installed in ‘/home/user1/jre1.6.0’ on Unix or in ‘C:\jre1.6.0’ on Win32, and the JDK is not installed, then <java-home> is

/home/user1/jre1.6.0 [Unix]
C:\jre1.6.0 [Win32]

o On Win32, for each JDK installation, there may be an additional JRE installed under the "Program Files" directory. Please make sure that you install the unlimited strength policy JAR files for all JREs that you plan to use.

o The default version of JCE policy files that are bundled in the JDK(TM) environment allow "strong" but limited cryptography to be used (i.e. 7 password characters or less). The downloads above below provide "unlimited strength" policy files which contain no restrictions on cryptographic strengths.
 

Navigation

Poll

How easy is it to find the information you are looking for on the NGS website?:

©NGS