How to install Unlimited Strength Jurisdiction Policy Files?

Question

Can someone explain to me how to install Unlimited Strength Jurisdiction Policy Files. I downloaded .jar files from Oracle website but I\'m having a problem with installing

Answer 1

To programmatically handle this, The following code in Scala will help you do it. The code given above will not work for java version 8. You will get an error. Error : Can not set static final boolean field javax.crypto.JceSecurity.isRestricted to java.lang.Boolean

if (Cipher.getMaxAllowedKeyLength("AES") < 256) {
 try {
 var field=Class.forName("javax.crypto.JceSecurity").getDeclaredField("isRestricted")
    field.setAccessible(true)
   var modifiersField = classOf[Field].getDeclaredField( "modifiers" )
   modifiersField.setAccessible(true);
   modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);
    field.set(null, java.lang.Boolean.FALSE)
  }

  catch{
    case ex:Exception=>throw ex
  }
}

Answer 2

i had the same problem and none of the above answers worked for me so as i found the solution i decided to share it here to help others

what worked for me in the end was simply download the Unlimited Strength Jurisdiction Policy Files from oracle website

unzip the folder and move the files inside the folder into $JAVA_HOME\jre\lib\security overwriting the files already in there with the same name

replace JAVA_HOME with the actual jdk folder of your java installation

Answer 3

In $JAVA_HOME/jre/lib/security, edit the file java.security and uncomment the line crypto.policy=unlimited (it's about 823 lines down a 932-line file).

Answer 4

You need to determine your Java home path (either via System.getenv("JAVA_HOME") from Java or $ echo $JAVA_HOME on the command line). It should be a path like the following:

• C:\Program Files\Java\jre8 on Windows
• /Library/Java/JavaVirtualMachines/jdk1.8.0_101.jdk/Contents/Home on Mac OS X
• /usr/java/jdk1.8.0_101/bin/java on *nix

You then need to copy the US_export_policy.jar and local_policy.jar files you downloaded into the directory: <JAVA_HOME>/jre/lib/security and overwrite the existing files of the same name.

Updated 05/17/17

The following code (for demonstration purposes only) will instruct the JVM that it is allowed to use AES-256 bit encryption and corresponding TLS ciphers regardless of the policy files installed. It is not recommended to employ this method.

if (Cipher.getMaxAllowedKeyLength("AES") < 256) {
  try {
    Field field = Class.forName("javax.crypto.JceSecurity").
    getDeclaredField("isRestricted");
    field.setAccessible(true);
    field.set(null, java.lang.Boolean.FALSE);
  } catch (Exception e) {
    fail("Could not override JCE cryptography strength policy setting");
    fail(e.getMessage());
  }
}

Answer 5

For JDK 1.6 you can do it the following way:

private void hackJCE() throws Exception {
    try {
        if (Cipher.getMaxAllowedKeyLength("AES") < 256) {
            Field field = Class.forName("javax.crypto.SunJCE_b").
            getDeclaredField("g");
            field.setAccessible(true);
            field.set(null, false);
        }
    } catch (Exception e) {
        return;
    }
}

Answer 6

2018-01-15 Update

According to JDK-8170157, since JDK 6u181, 7u171, 8u161, 9b148 unlimited cryptographic policy is enabled by default. So all you have to do is just upgrade to the corresponding baseline.

Original answer

Since Java 9 and Java 8u151 there's no need to download and manually install jurisdiction policy files anymore. According to release notes:

In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary. To enable unlimited cryptography, one can use the new crypto.policy Security property. If that new Security property is set in the java.security file, or has been set dynamically by using the Security.setProperty() call before the JCE framework has been initialized, that setting will be honoured. By default, the property will be undefined. If the property is undefined and the legacy JCE jurisdiction files don't exist in the legacy lib/security directory, then the default cryptographic level will remain at limited. To configure the JDK to use unlimited cryptography, set the crypto.policy to a value of unlimited. See the notes in the java.security file shipping with this release for more information.