How to install Unlimited Strength Jurisdiction Policy Files?

Solution 1

You need to determine your Java home path (either via System.getenv("JAVA_HOME") from Java or $ echo $JAVA_HOME on the command line). It should be a path like the following:

• C:\Program Files\Java\jre8 on Windows
• /Library/Java/JavaVirtualMachines/jdk1.8.0_101.jdk/Contents/Home on Mac OS X
• /usr/java/jdk1.8.0_101/bin/java on *nix

You then need to copy the US_export_policy.jar and local_policy.jar files you downloaded into the directory: <JAVA_HOME>/jre/lib/security and overwrite the existing files of the same name.

Updated 05/17/17

The following code (for demonstration purposes only) will instruct the JVM that it is allowed to use AES-256 bit encryption and corresponding TLS ciphers regardless of the policy files installed. It is not recommended to employ this method.

if (Cipher.getMaxAllowedKeyLength("AES") < 256) {
  try {
    Field field = Class.forName("javax.crypto.JceSecurity").
    getDeclaredField("isRestricted");
    field.setAccessible(true);
    field.set(null, java.lang.Boolean.FALSE);
  } catch (Exception e) {
    fail("Could not override JCE cryptography strength policy setting");
    fail(e.getMessage());
  }
}

Solution 2

2018-01-15 Update

According to JDK-8170157, since JDK 6u181, 7u171, 8u161, 9b148 unlimited cryptographic policy is enabled by default. So all you have to do is just upgrade to the corresponding baseline.

Original answer

Since Java 9 and Java 8u151 there's no need to download and manually install jurisdiction policy files anymore. According to release notes:

In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary. To enable unlimited cryptography, one can use the new crypto.policy Security property. If that new Security property is set in the java.security file, or has been set dynamically by using the Security.setProperty() call before the JCE framework has been initialized, that setting will be honoured. By default, the property will be undefined. If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security directory, then the default cryptographic level will remain at limited. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of unlimited. See the notes in the java.security file shipping with this release for more information.

Related videos on Youtube

04 : 09

How to install the jurisdiction policy files so they are not overwritten when upgrading the JDK?

IBM Support and Training

956

04 : 26

CA Spectrum - JCE Unlimited Strength File Update

Stephen G

281

08 : 36

How To Install the MFT Gateway Agent on Windows

jscapeus

171

03 : 18

Oracle Argus Safety: Installing JAVA and applying jce

Pradeep Goyal

28

11 : 59

How to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files

Open Source For Geeks

9

18 : 59

Tutorial - XML's for Jurisdictions+

Tread Red

3

06 : 59

Java Unlimited Strength Policy update

Air Quality Specialists

1

Author by

Derlin

"The code that is the hardest to debug is the code that you know cannot possibly be wrong" I am a passionate woman curious about everything. From the sexuality of worms to the NP-Hard problems, my first love is knowledge in all its forms. Well, this and octopuses 🐙🐙.

Updated on May 13, 2020