JCE Unlimited Strength 11gR2 problem

We download the unlimited strength JCE policy files (Java 1.5) and replaced local_policy.jar and US_export_policy.jar in javavm but no change in our error.
we did not find useful and exact solution for 11g, need extra steps? thanks.

we allocated the problem, we use BouncyCastle in database with loadjar and Oracle does not find the BC, error is
KeyGenerator not available
what is the solution? or a bug?

Similar Messages

  • Replace the JCE Unlimited Strength Jurisdiction Policy files - SAP JVM 5

    Hi Experts,
    I had a NetWeaver 7.1 system with SAP JVM 5. I tried to run a cryptography software on the system, but the current JCE Unlimited Strength Jurisdiction Policy files of the JVM limited encryption algorithms and key lengths.
    I downloaded the jce_policy-1_5_0.zip file from the Sun website, unzipped it, replaced the old policy files (sapjvm_5/jre/lib/security/local_policy.jar and sapjvm_5/jre/lib/security/US_export_policy.jar) with the new ones, then restarted the server. But, after the server was restarted, the new policy files were deleted and the old ones were restored.
    Could you tell me what should I do to apply the new policy files?
    Thanks in advance.
    Victor

    Issue Resolved..with help of OSS note :739043
    EP 6.0 SP15.... I had same issue for Portal prodution:
    I had  copied new files (local_policy.jar and US_export_policy.jar) in directory /opt/java1.4/jre/lib/security
    Jun 16  2003 local_policy.jar
    -rw-rr   1 root       sys           4355 Jun 16  2003 US_export_policy.jar
    -rw-rr   1 root       sys           2910 Aug  2  2007 local_policy.1.jar
    -rw-rr   1 root       sys           2429 Aug  2  2007 US_export_policy.1.jar
    -rrr--   1 bin        bin           2910 Dec 12 10:14 local_policy.2.jar
    -rrr--   1 bin        bin           2429 Dec 12 10:14 US_export_policy.2.jar
    -rrr--   1 bin        bin           2223 Dec 12 10:25 java.policy
    -rrr--   1 bin        bin           6871 Dec 12 10:25 java.security
    -rrr--   1 bin        bin          41278 Dec 12 10:25 cacerts
    Thanks,
    Hari

  • Java: Where are JCE Unlimited Strength Jurisdiction Policy Files for Java for Mac OS X 10.7?

    I need to install the JCE Unlimited Strength Jurisdiction Policy Files for Java 1.6 under Mac OS X 10.7.  I know where to get then from the Sun/Oracle Java download site, but want to make sure that these will work on the Mac.  Or, are there Mac specific versions somewhere?

    There's a  jce.jar file in /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/, so it appears that they're already in place, but that's just a WAG.

  • (JCE) Unlimited Strength Jurisdiction Policy Files

    I have got my program up and running, but now i keep the following error:
    "java.security.InvalidKeyException: Illegal key size or default parameters"
         at javax.crypto.Cipher.a(DashoA13*..)
         at javax.crypto.Cipher.a(DashoA13*..)
         at javax.crypto.Cipher.a(DashoA13*..)
         at javax.crypto.Cipher.init(DashoA13*..)I have read up on it but i need to install the JCE policies. Bluej is the compiler that i am using. How to do i install the policies into this compiler. Stupid question Isuppose but any help will be appreciated.
    Thanks in adavance

    Parry1982 wrote:
    I have the local_policy.jar & US_export_policy.jar install in the following directory;
    C:\ProgramFiles\Java\jdk1.6.0_16\jreThat is not where the installation instructions tells you to put them. You did read the installation instructions didn't you?

  • Distributing software with unlimited strength JCE policy files

    I'm about to release some software that uses AES 256-bit encryption. I had to download the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6" to do this level of encryption. I'd like to distribute my software with a bundled version of the JRE that includes these policy files. The software will be available to download from the Internet for those who pay for the service. Placing it on the Internet is technically an export because it's available to anyone in the world.
    I've talked to the Bureau of Industry and Security and they said I need to file for a classification number (ECCN). Is this necessary if I'm using Sun's software? The JCE has already been through the export approval process so it would make sense if just including it in my software required nothing. I haven't been able to find any information about what to do legally if using the unlimited strength policy files. What laws do I need to know about or comply with to do this? Also, are there any legal ramifications of including the JRE with my software? I'm using a custom jre launcher that lets me bundle whatever jre I want with my software, so I assume it's a common practice, but I'm not sure.
    Any help would be appreciated.

    I posted this question on other sites as well, but never heard any good answers.
    I've had to do some research and I've heard a few different things, but this is what I've learned:
    Software being exported (putting on the Internet is an export) that contains symmetric encryption above 64-bit requires filling out a BIS-748P form. I had to first of all request a PIN and CIN (company id number) from the BIS so that I can access their SNAP-R system which is where you fill out and submit all the paper work (including the BIS-748P) online. I haven't filled that out yet, but once you do they will review your software and classify it with an ECCN number and depending on what if falls under they will require you to obtain a license or license exception. For what I'm doing (and what most probably need this for), a license is not needed. It's simply classified as a type of encryption software and they know who you are and what you're doing with it.
    Until this is filed, the software is under a certain statute as to what you can do with it and there's a lot of legalities behind this entire process that I don't fully understand, but I think filling this paperwork out and talking to those who receive it is a good place to start.
    I'm not a lawyer by any means and I could be missing some details, but this is what I understand about the process. If you learn anything else (or find some of this to be untrue), let me know.

  • How to install unlimited strength policy files with 2003 windows server

    Hi all,
    I am working on encryption AES 256 bit key encryption.
    128 is default encryption key.But for use 256 bit encryption key need to add unlimited strength policy file with jdk.
    That is working fine on windows xp.
    Now problem
    But when i run on client machine with operating system windows 2003 server standard.
    I replaced all files under folder Java\jdk1.6.0_10\jre\lib\security with files which i am using on windows XP.
    Restarted the computer after update files but on windows server 2003 256 bit key encryption not working.
    Giving following exception
    java.security.InvalidKeyException: Illegal key size or default parameters
         javax.crypto.Cipher.a(DashoA13*..)
         javax.crypto.Cipher.a(DashoA13*..)
         javax.crypto.Cipher.a(DashoA13*..)
         javax.crypto.Cipher.init(DashoA13*..)
         javax.crypto.Cipher.init(DashoA13*..)
    Please suggest me how to run encryption on windows server 2003..
    Thanks
    Anu

    anu1106 wrote:
    I replaced all files under folder Java\jdk1.6.0_10\jre\lib\security with files which i am using on windows XP.Why? Why not just install the unlimited strength files in the normal way according to the installation instructions given in the distribution file?

  • Java Kernel and the "Unlimited Strength Java Crypto Extension Policy Files"

    Is Java Kernel able to download and install on-demand the "Unlimited Strength Java(TM) Cryptography Extension Policy Files"?
    Currently, I have to instruct the users of my applications to download those policy files from Sun's website and follow the installation instruction. I haven't received any positive feedback from my users when I told them to do this task. I understand them. Manual installation of this files really suck especially for lay men.
    So, with Java Kernel, what's the plan? Can I hope for something better?

    I believe, for US export-control reasons, the Unlimited Strength JCE policy files are never automatically downloadable by the JVM - they have to be explicitly downloaded and configured. However, you could download it yourself, configure the JVM with the policy files, create your own ZIP/JAR file and internally distribute it to your users through your intranet. But, if you do this, you are responsible for complying with the applicable export laws of your country, and perhaps, Sun licensing terms for redistributing the JVM.

  • Software distribution and Unlimited Strength Jurisdiction Policy Files

    I suppose, I'm NOT allowed to ship the Unlimited Strength Jurisdiction Policy Files (USJPF) with my application,
    even if living in Germany and not selling abroad, right?
    So I see 2 possibilities:
    - Use weaker encryption by default and encourage the users to download the USJPF by themself.
    - Implement a stronger encryption on the base of the weaker one by encrypting several times, let say in the way 3DES works.
    I'm quite sure, I'm not the only one facing such a problem, how do you solve it?

    The export of cryptography is usually contingent on the laws of the country that you live in. As a US citizen, I know that I cannot ship unlimited strength cryptography to specific countries without a permit. You should check what German law allows you to do (I was under the impression that Germany did not have such controls, but that impression could be dated) and read the license accompanying the USJPF in Germany, to see what restrictions are placed on it.
    Another option is to use a provider fhat is developed outside the US. I know that BouncyCastle is developed in Australia, so the US restrictions would not apply to them. Have you checked their licensing agreement to see what you're allowed to do with their provider files?

  • Achieve Unlimited Strength Jurisdiction without modifying JDK files?

    I have a requirement in my application to use Unlimited Strength Jurisdiction. So I downloaded and extracted the JCE files and placed them in $JAVA_HOME/jre/lib/security overriding the existing jars. This works perfectly fine for me.
    My question is; is there some way of installing the new policy files without having to override the files in the JDK. Ideally, I would like to set a system property to point to a different directory which includes the new policy files and not have to touch my jdk files. Is this possible?
    Thanks in advance.

    It cannot be done. You could always use the lightweight Bouncy Castle API that does not have the key size restrictions.

  • API method to check unlimited strength cryptography

    Hi,
    Is there any API available to check whether user has installed the unlimited strength cryptography files?
    Regards,
    Efby.

    Not directly. Indirectly you can try to generate 2048bits RSA key.

  • CA Cert & unlimited strength ciphers in OJVM

    I have to install a cert & also add local_policy.jar and US_export_policy.jar to the Oracle JRE in order to be able to call our Hardware Security Module (HSM) and use unlimited strength ciphers in my Java code. Used loadjava to load the java class to the DB. Should I load local_policy.jar, etc. using loadjava or just copy it to ojvm/jre/lib/security? We are using Oracle 11g
    Thanks!

    Hi,
    Loading them to database is not required. As you said they should be copied to the OS folder and the DB JAVA VM path is <dbhome>\javavm\lib\security.
    Regards,
    Habeeb.

  • Unlimited Strength Policy File

    Please inform if we can have Unlimited Strength Policy File in DPRK and how I can recieve this

    What is DPRK?
    Message was edited by:
    Martin@StricentHello DPRK is Democratic Peoples Republic of Korea

  • Installing JCE with unlimited strength version

    I have downloaded the file jce_policy-1_4_2.zip and kept
    it in java-> lib-> security with unzipped format.
    But when I compiled my program requiring this file it's showing
    compilation error.
    please mail me what to do?I am in problem.
    Actually I am doing 256bit data encryption, which required the
    above mentioned file. So please suggest me what to do.

    Olek wrote:
    Ok,
    This problem is solved. I've found the unlimited policy files
    for a jdk 1.5 version... for the newest jdk version it is impossible to find it!?
    The 1.5 version works for me.
    Err ... the last download on http://java.sun.com/javase/downloads/?intcmp=1281 .

  • 11gR2 problem for dba group user

    Hi Pavan Sir,
    After the 11gR2 Installation and connect to oracle as one of the dba group user(ex: tuser)
    1) when sqlplus / as sysdba --> startup nomount --> receiving the error ORA-48189 (The OS command to create directory failed) for the diagnostic_dest(ex: /disk1/oradata/test)location, but the specified directory is created and owned by the same dba group user(test).
    2) If suppose the "/disk1/oradata/test" directory permission are modified by 777, the dba group user(test) can connect to nomount stage, but the sub directories of diagnostic_dest automatically gets created (like /disk1/oradata/test/diag/rdbms then etc......) are being owned by oracle user and also if the db is created ,the control file,redolog file and datafiles are automatically getting owned by oracle user but not by the test user.
    Which was not the case till 10gR2.
    Plz. provide any body provide us with some solution to overcome the above experienced problem which is implemented in our Dev. box.
    Thanks in Advance.
    Best regards,
    Habeeb.

    Dear user,
    Even if the perm are changed by -R ,the files are automatically owned by oracle user, not by the test user.
    Have any body tried creating oracle database using dba group user in 11gR2, but the db files being created by test user should not be automatically owned by oracle user. If so , plz. forward me the steps.
    Thanx in advance.

  • OIM 11gR2 : Problem while starting managed server

    Hello Experts,
    I ran config.sh in order to extend my schema to include APM (Authorization Policy Manager) in OIM 11gR2.
    After that i took a restart of the servers. When i am trying to start the managed servers they're not starting in the RUNNING mode. Instead they're starting in the ADMIN mode.
    The logs are showing the following error :
    Internal Exception: java.sql.SQLException: Listener refused the connection with the following error:
    ORA-12505, TNS:listener does not currently know of SID given in connect descriptor
    Kindly help me out.

    1. yes you can check if the nodemanage is running using the following ways.
    For linux env:-
    a. Check if the JAVA process for nodemanager is running ps -ef | grep java and see the nodemanager process else /usr/sbin/lsof -i:$port (port of nodemanager).
    b. Login to Admin Console --> Environment --> Machines --> Click on Machines --> Nodemanager --> Monitoring will give you nodemanager status from Admin console.
    c. use nm() command with WLST
    Example:
    wls:/mydomain/serverConfig> nm()
    Currently connected to Node Manager that is monitoring the domain "mydomain"
    wls:/mydomain/serverConfig> nm()
    Not connected to any Node Manager
    wls:/mydomain/serverConfig>
    To see if WLST connects to nodemanager or not?
    help('nmLog') --> to check the nm logs
    2. To start the nodemanager using WLST here are the commands
    Example:
    For single managed Server
    wls:/mydomain/serverConfig> start('myserver', 'Server', block='false')
    Starting server 'myserver' ...
    The server 'myserver' started successfully.
    wls:/mydomain/serverConfig>
    For Cluster
    wls:/mydomain/serverConfig> start('mycluster', 'Cluster')
    Starting the following servers in Cluster, mycluster: MS1, MS2, MS3...
    All servers in the cluster mycluster are started successfully.
    wls:/mydomain/serverConfig>

Maybe you are looking for

  • I need to restore an iphone 4 to 7.0.6 not the current 7.1

    I need to restore an passcode locked CMDA iPhone 4 to 7.0.6 not the current 7.1. This is due to a mobile management application that our company uses that has not been verified to work with 7.1 yet. This iPhone is current on 5.1.0. I am trying to do

  • Jcontrol.exe in SAP MMC turns "GREY" after start.--- Urgent

    Hi, I am facing one problem with SAP J2EE engine. In SAP MMC all services are green, only "Jcontrol.exe" is  Grey. I restarted the server several times but every time it starts and then just becomes "GREY" Below is the description of "Developer Trace

  • Newbie with LOM Questions

    I recently setup our new Intel xServe, mainly for file and print services. I have no problems using or connecting to the LOM processors with the Server Monitor App. But my question is which LOM port should I be using to connect with Server Monitor? I

  • Percentage in Totals / Grand Totals

    I have 2 columns on a report (in reports builder) that have numbers - total touched & total count. I am calculating the percentage done with the following formula: ROUND(((PP_TOUCHED / PP_TOTAL) * 100),2). This works fine for the detail lines, but I

  • Transporting ESR / ID components over the same SLD config

    Hi experts, I'm facing a situation where a client has 3 distinct SLD and, in each one there's the same Business System. i.e: SLD DEV -> BS_A1 SLD QAS -> BS_A1 SLD PRD -> BS_A1 My question is, if we transport the design and configuration objects from