Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why are the JCE Unlimited Strength not included by default?

Tags:

java

encryption

jce

Setup

  • Java doesn't offer out-of-the-box support for the JCE Unlimited Strength Policy Files
  • This prevents users from using AES-256, the largest key size of a widely-used encryption standard
  • Not including the policy files leads to many problems:
    • Unexpected exceptions
    • Unsatisfying workarounds:
      • Just install them
      • Use a different implementation
      • Use reflection that may violate the Java License Agreement
    • Breakage after JRE updates
    • Confusion after installation
    • And more!
  • All this noise leads to broken and/or buggy programs

Question

  • Why are these not provided and treated like a black sheep?
like image 801
dminuoso Avatar asked Feb 10 '17 12:02

dminuoso

People also ask

What is JCE unlimited strength?

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files Download. The Java Cryptography Extension enables applications to use stronger versions of standard algorithms. Current versions of the JDK do not require these policy files. They are provided here for use with older version of the JDK.

Does OpenJDK include JCE?

According to the following page, it seems that JCE is by default bundled with OpenJDK: https://github.com/open-eid/cdoc4j/wiki/Enabling-Unlimited-Strength-Jurisdiction-Policy.

How do I set crypto policy Unlimited?

To enable JCE Unlimited, use the crypto. policy Security property introduced in JDK 8u151. DataStax recommends enabling Java Cryptography Extension (JCE) Unlimited to ensure support for all encryption algorithms, especially AES-256 for Kerberos and SSL when using Oracle Java.

1 Answers

  • As it turns out, it's not strict crypto export laws, but simply that no one got around to it yet.
  • In fact, it's been planned for a long time to not have to jump through these hoops.
  • In Java 9, the ceremony will be condensed down to a one-liner: Security.setProperty("crypto.policy", "unlimited");
like image 138
dminuoso Avatar answered Sep 27 '22 23:09

dminuoso
Sign in to Comment

Related questions

How do I add a type to GWT's Serialization Policy whitelist?
C# equivalent to Java's continue <label>?
build.xml in Java project
Geometry library for Java [closed]
ExecutorService, standard way to avoid to task queue getting too full
Is regex too slow? Real life examples where simple non-regex alternative is better
XMLStreamWriter: indentation
Arraylist in parcelable object
HashMap Serializability
Redirect System.out and System.err to slf4j
Array declaration and initialization in Java. Arrays behave differently, when the position of their subscript indices is changed in their declaration
UnsupportedClassVersionError on running play application with JDK 1.7
MediaPlayer.setDataSource(String) not working with local files
Reading from src/main/resources gives NullPointerException
Apache Commons Lang 2 vs 3
How do I move from Java to C#?
How do I add an Implementation-Version value to a jar manifest using Maven?
How to acquire a lock by a key
Eclipse wrong Java properties UTF-8 encoding
What's the purpose of the JUnit 5 @Nested annotation

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!