Installation and setup of the Java Cryptography Extension (JCE)

Encryption mechanism is governed by laws of each country and often have restrictions on the strength of the encryption. Like in the United States, all encryption over 128-bit is restricted if the data is travelling outside the country.By default, the Java JCE implements a strength policy to comply with these rules. If a stronger encryption is preferred, and adheres to the laws of the country, then the JCE needs to have access to the stronger encryption policy. In other words, if you are planning on using AES 256-bit encryption, you must install the Unlimited Strength Jurisdiction Policy Files. Without these policies, 256-bit encryption is not possible.

In case of violating above rules get the exception  org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters

OR

"java.security.InvalidKeyException:illegal Key Size" error when invoking secured services.

The above exception usually occurs when we try to invoke the web services in a secured manner and your JVM is not provisioned for Java unlimited security jurisdiction policy.

So in order to provision for the Java unlimited security jurisdiction you must have to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.

Installation Steps

  • Go to the Oracle site  http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html.
  • Download the version that matches your installed JVM. Like I have Java 7 installed so download UnlimitedJCEPolicyJDK7.zip
  • Unzip the folder and replace local_policy.jar and US_export_policy.jar in the path C:\Program Files\Java\jdk1.7.0_67\jre\lib\security.  (Note: these jars will be already there so you have to overwrite them)  
  • Simply restart your application to get rid of this exception.



No comments:

Post a Comment