
Why are the JCE Unlimited Strength not included by default?

Setup

  • Java doesn't offer out-of-the-box support for the JCE Unlimited Strength Policy Files
  • This prevents users from using AES-256, the largest key size of a widely-used encryption standard
  • Not including the policy files leads to many problems:
    • Unexpected exceptions
    • Unsatisfying workarounds:
      • Just install them
      • Use a different implementation
      • Use reflection that may violate the Java License Agreement
    • Breakage after JRE updates
    • Confusion after installation
    • And more!
  • All this noise leads to broken and/or buggy programs

Question

  • Why are these not provided and treated like a black sheep?
dminuoso asked Feb 10 '17 12:02


People also ask

What is JCE unlimited strength?

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files Download. The Java Cryptography Extension enables applications to use stronger versions of standard algorithms. Current versions of the JDK do not require these policy files. They are provided here for use with older versions of the JDK.

Does OpenJDK include JCE?

According to the following page, it seems that JCE is by default bundled with OpenJDK: https://github.com/open-eid/cdoc4j/wiki/Enabling-Unlimited-Strength-Jurisdiction-Policy.

How do I set crypto policy Unlimited?

To enable JCE Unlimited, use the crypto.policy Security property introduced in JDK 8u151. DataStax recommends enabling Java Cryptography Extension (JCE) Unlimited to ensure support for all encryption algorithms, especially AES-256 for Kerberos and SSL when using Oracle Java.


1 Answer

  • As it turns out, it's not strict crypto export laws, but simply that no one got around to it yet.
  • In fact, it's been planned for a long time to not have to jump through these hoops.
  • In Java 9, the ceremony will be condensed down to a one-liner: Security.setProperty("crypto.policy", "unlimited");
dminuoso answered Sep 27 '22 23:09