
javax.crypto is subject to export controls; what does that mean?

Tags: java, security

According to http://docs.oracle.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html:

For historical (export control) reasons, the cryptography APIs are organized into two distinct packages. The java.security package contains classes that are not subject to export controls (like Signature and MessageDigest). The javax.crypto package contains classes that are subject to export controls (like Cipher and KeyAgreement).

What does this mean?
What is the difference?

Note: This document reference is quoted in the Java EE doc in the security section >> http://docs.oracle.com/javaee/6/tutorial/doc/bnbwj.html | Is this ref outdated?

Ravi Trivedi asked Apr 21 '13 00:04



1 Answer

The first thing to note is that the text you quoted starts 'for historic reasons'.

The USA had export controls over some cryptographic algorithms and implementations above certain key lengths. They were mostly dropped during the Clinton administration: certainly those that affected Java. Any reference you read to them in reference to Java cryptography is obsolete.

Java is, however, affected by crypto import policies, and that's why the Unlimited Strength Crypto Policy download exists. If it's legal in your jurisdiction, you can download and install it. All it does is enable code that is already present in the JRE and which therefore has already been exported. QED.

user207421 answered Oct 10 '22 01:10
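One way to see which jurisdiction policy a JRE is enforcing, and that the restriction applies to `javax.crypto` classes rather than `java.security` ones. This is an added example, not code from the question or the answer; it assumes Java 8 or later, and the class name `CryptoPolicyCheck` and its helper methods are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class name; added example, not code from the page.
public class CryptoPolicyCheck {

    /** True when the installed jurisdiction policy permits this key size. */
    static boolean policyAllows(String transformation, int keyBits) throws Exception {
        // getMaxAllowedKeyLength returns Integer.MAX_VALUE under the unlimited policy.
        return Cipher.getMaxAllowedKeyLength(transformation) >= keyBits;
    }

    /** Attempts a real AES-256 init; the policy check happens inside Cipher.init. */
    static boolean aes256Usable() throws Exception {
        byte[] key = new byte[32]; // constructed all-zero key, probe only
        byte[] iv = new byte[12];  // constructed all-zero nonce, probe only
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        try {
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                   new GCMParameterSpec(128, iv));
            c.doFinal("policy probe".getBytes(StandardCharsets.UTF_8));
            return true;
        } catch (InvalidKeyException e) {
            // Limited policy: key size refused although the AES-256 code is present.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // java.security class: not gated by the jurisdiction policy.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("SHA-256 digest bytes: " + md.digest(new byte[0]).length);

        // Security property present on Java 8u151+ and 9+; null on older JREs.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));
        for (String alg : new String[] {"AES", "DESede", "RSA"}) {
            int max = Cipher.getMaxAllowedKeyLength(alg);
            System.out.println(alg + " max key bits: "
                    + (max == Integer.MAX_VALUE ? "unlimited" : String.valueOf(max)));
        }
        System.out.println("AES-256 permitted by policy: " + policyAllows("AES", 256));
        System.out.println("AES-256 init succeeded: " + aes256Usable());
    }
}
```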