tags:

views:

1632

answers:

4
+6  Q: 

"Unlimited Strength" JCE Policy Files

I have an app that uses 256-bit AES encryption which is not supported by Java out of the box. I know to get this to function correctly I install the JCE unlimited strength jars in the security folder. This is fine for me being the developer, I can install them.

My question is since this app will be distributed, end users most likely will not have these policy files installed. Having the end user download these just to make the app function is not an attractive solution.

Is there a way to make my app run without overwriting files on the end user machine? A third party software that can handle it without the policy files installed? Or a way to just reference these policy files from within a JAR?

Thanks for any ideas.

A: 

The unlimited strength jurisdiction files must be installed relative to the JRE directory, at ${java.home}/lib/security/.

erickson  2009-07-24 19:39:58
he stated this fact in his question, by the way.
djangofan  2009-08-05 19:07:28
Yes, but sometimes wishing for an alternative doesn't mean there is one. You can't bypass the key strength limitations with a third-party provider, and the policy files have to be in this location; no embedded-in-a-jar trickery will work.
erickson  2009-08-05 20:23:40
A: 

personally, i would write java code that extracts the jars from your apps jar archive and copies them to the local JRE and then restarts the JVM (on the first run of the app).

djangofan  2009-07-24 20:09:03
"make my app run *without overwriting files* on the end user machine"
erickson  2009-08-05 20:24:11
+1  A: 

For our application, we had a client server architecture and we only allowed decrypting/encrypting data in the server level. Hence the JCE files are only needed there.

We had another problem where we needed to update a security jar on the client machines, through JNLP, it overwrites the libraries in${java.home}/lib/security/ and the JVM on first run.

That made it work.

Mohamed Mansour  2009-07-24 22:29:13
+2  A: 

For an alternative crypto provider, have a look at Bouncy Castle. They have AES and a lot else besides. And they're free.

Hollerith  2009-08-05 12:42:20
They are a great crypto provider, but still require the unlimited strength JCE file in order to work with large keys.
John Meagher  2009-08-05 12:51:03
If you use the Bouncy Castle API directly you don't need the unlimited strength files.
laz  2009-08-20 15:01:07

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java