Jurisdiction Policy Files

I am implementing a simple cipherstream for communication between server and client for a building automation protocol called BACnet. My code compiles but when I attempt to run it I get the following error:
Exception in thread "main" java.lang.ExceptionInInitializtoinError
at javax.crypto.SecretKeyFactory.getInstance(DashoA6275)
at sen.CommMod.main(CommMod.java:30)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.SunJCE_b.<<clinit>(DashoA6275)
...2 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
at javax.crypto.SunJCE_b.a(DashoA6275)
at javax.crypto.SunJCE_b.f(DashoA6275)
at javax.crypto.SunJCE_b.e(DashoA6275)
at javax.crypto.SunJCE_b.run(DashoA6275)
at java.security.AccessController.doPriveleged(Native Metthod)
... 3 more
sen is the name of the package and CommMod is the name of my class file. I have edited the java.security file to include SunJCE as a security provider and Sun is listed as the first provider as per the known bugs for the JCE.
Is there any way to get my policy files signed by a trusted signer, or can I get policy files that will work that are already signed?

Why is there no reply to this problem from Sun?
I am also getting the same problem with JDK1.4.2_04 and JCE 1.2.2
Are the jars that are provided with the JCE 1.2.2 not correctly signed?

Similar Messages

  • Java.lang.SecurityException: Jurisdiction policy files are not signed by t

    Hi
    I am installing ECC6 on AIX 6.1 with Oracle 10g.
    I am getting an error in create secure store.
    Policy and security files are ok,
    aused by: java.lang.ExceptionInInitializerError
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
            at javax.crypto.Cipher.a(Unknown Source)
            at javax.crypto.Cipher.getInstance(Unknown Source)
            at iaik.security.provider.IAIK.a(Unknown Source)
            at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
            at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
            at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
            at java.lang.J9VMInternals.initializeImpl(Native Method)
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
            at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
            at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
            at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
            ... 6 more
    Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
            at javax.crypto.b.<clinit>(Unknown Source)
            at java.lang.J9VMInternals.initializeImpl(Native Method)
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
            ... 17 more
    Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
            at javax.crypto.b.a(Unknown Source)
            at javax.crypto.b.a(Unknown Source)
            at javax.crypto.b.access$600(Unknown Source)
            at javax.crypto.b$0.run(Unknown Source)
            at java.security.AccessController.doPrivileged(AccessController.java:246)
            ... 20 more
    ERROR      2009-07-07 14:10:47.063
               CJSlibModule::writeError_impl()
    CJS-30050  Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
    SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
    java.lang.reflect.InvocationTargetException
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
            at java.lang.reflect.Method.invoke(Method.java:391)
            at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
    Caused by: java.lang.ExceptionInInitializerError
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
            at javax.crypto.Cipher.a(Unknown Source)
            at javax.crypto.Cipher.getInstance(Unknown Source)
            at iaik.security.provider.IAIK.a(Unknown Source)
            at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
            at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
            at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
            at java.lang.J9VMInternals.initializeImpl(Native Method)
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
            at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
            at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
            at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
            ... 6 more
    Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
            at javax.crypto.b.<clinit>(Unknown Source)
            at java.lang.J9VMInternals.initializeImpl(Native Method)
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
            ... 17 more
    Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
            at javax.crypto.b.a(Unknown Source)
            at javax.crypto.b.a(Unknown Source)
            at javax.crypto.b.access$600(Unknown Source)
            at javax.crypto.b$0.run(Unknown Source)
            at java.security.AccessController.doPrivileged(AccessController.java:246)
            ... 20 more.
    ERROR      2009-07-07 14:10:47.547 [sixxcstepexecute.cpp:960]
    FCO-00011  The step createSecureStore with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR ( Last error reported by the step :Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
    SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
    java.lang.reflect.InvocationTargetException
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
            at java.lang.reflect.Method.invoke(Method.java:391)
            at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
    Caused by: java.lang.ExceptionInInitializerError
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
            at javax.crypto.Cipher.a(Unknown Source)
            at javax.crypto.Cipher.getInstance(Unknown Source)
            at iaik.security.provider.IAIK.a(Unknown Source)
            at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
            at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
            at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
            at java.lang.J9VMInternals.initializeImpl(Native Method)
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
            at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
            at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
            at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
            ... 6 more
    Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
            at javax.crypto.b.<clinit>(Unknown Source)
            at java.lang.J9VMInternals.initializeImpl(Native Method)
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
            ... 17 more
    Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
            at javax.crypto.b.a(Unknown Source)
            at javax.crypto.b.a(Unknown Source)
            at javax.crypto.b.access$600(Unknown Source)
            at javax.crypto.b$0.run(Unknown Source)
            at java.security.AccessController.doPrivileged(AccessController.java:246)
            ... 20 more.).
    What could be the problem?
    Please give me the solution.
    regards
    Vijay

    Dear Juan
    You are correct.
    I downloaded the correct file from the IBM site, and the Create Secure Store step completed, but in the next step, IMPORT JAVA DUMP,
    it gave an error
    n error occurred while processing service SAP ERP 6.0 Support Release 3 > SAP Systems > Oracle > Central System > Central System( Last error reported by the step : Execution of JLoad tool '/usr/java14_64/bin/java -classpath /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/launcher.jar -showversion -Xmx512m -Xj9 com.sap.engine.offline.OfflineToolStart com.sap.inst.jload.Jload /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/lib/iaik_jce.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/jload.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/antlr.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/exception.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/jddi.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/logging.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/offlineconfiguration.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/opensqlsta.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/tc_sec_secstorefs.jar:/oracle/client/10x_64/instantclient/ojdbc14.jar -sec AGQ,jdbc/pool/AGQ,/usr/sap/AGQ/SYS/global/security/data/SecStore.properties,/usr/sap/AGQ/SYS/global/security/data/SecStore.key -dataDir /swdump/NW7.0_SR3_JAVA_COMP_51033513/DATA_UNITS/JAVA_EXPORT_JDMP -job /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/IMPORT.XML -log jload.log' aborts with return code 1. SOLUTION: Check 'jload.log' and '/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/jload.java.log' for more information.
    regards
    vijjay

  • How do I apply JCE Jurisdiction Policy Files in oracle jvm

    I have some Java procedures using AES, while the default key size limit is 128.
    For local Java, I can easily replace the Jurisdiction Policy Files in the JDK or JRE, but I do not know how to do such a thing in the Oracle database (11g2) JVM.

    $ORACLE_HOME/jdk/jre/lib/security

  • Software distribution and Unlimited Strength Jurisdiction Policy Files

    I suppose, I'm NOT allowed to ship the Unlimited Strength Jurisdiction Policy Files (USJPF) with my application,
    even if living in Germany and not selling abroad, right?
    So I see 2 possibilities:
    - Use weaker encryption by default and encourage the users to download the USJPF by themselves.
    - Implement a stronger encryption on the base of the weaker one by encrypting several times, let say in the way 3DES works.
    I'm quite sure, I'm not the only one facing such a problem, how do you solve it?

    The export of cryptography is usually contingent on the laws of the country that you live in. As a US citizen, I know that I cannot ship unlimited strength cryptography to specific countries without a permit. You should check what German law allows you to do (I was under the impression that Germany did not have such controls, but that impression could be dated) and read the license accompanying the USJPF in Germany, to see what restrictions are placed on it.
    Another option is to use a provider that is developed outside the US. I know that BouncyCastle is developed in Australia, so the US restrictions would not apply to them. Have you checked their licensing agreement to see what you're allowed to do with their provider files?

  • Override JCE default (limited strength) jurisdiction policy files

    Hi!
    I am writing an applet which has to decrypt an encrypted file with some symmetric algorithm, e.g. PBEWithMD5AndTripleDes. Due to limitations of key lengths in the default (limited strength) jurisdiction policy files for JCE, I cannot use, for example, TripleDES with a 168-bit key or Blowfish with a 400-bit key.
    I know I can obtain the unlimited version of these files from java.sun.com and replace these files in the JDK/JRE installation directory. That's OK for us on the server side, but a disaster on the client (applet) side, because we must modify the installation of the JRE on every computer where a user wants to use the applet and update it every time the JRE is updated.
    So my question is: is there any way to distribute unlimited jurisdiction files with an applet (I know how to include *.jar files) and make it work? For example via the endorsed mechanism, setting some security property, reloading JCE?
    Thanks for help!

    You can't override them. Since the restrictions apply only to the JCE, your best bet is to use the lightweight API from Bouncy Castle, which does not use the JCE.

  • Replace the JCE Unlimited Strength Jurisdiction Policy files - SAP JVM 5

    Hi Experts,
    I had a NetWeaver 7.1 system with SAP JVM 5. I tried to run a cryptography software on the system, but the current JCE Unlimited Strength Jurisdiction Policy files of the JVM limited encryption algorithms and key lengths.
    I downloaded the jce_policy-1_5_0.zip file from the Sun website, unzipped it, replaced the old policy files (sapjvm_5/jre/lib/security/local_policy.jar and sapjvm_5/jre/lib/security/US_export_policy.jar) with the new ones, then restarted the server. But, after the server was restarted, the new policy files were deleted and the old ones were restored.
    Could you tell me what should I do to apply the new policy files?
    Thanks in advance.
    Victor

    Issue resolved with the help of OSS note 739043.
    EP 6.0 SP15: I had the same issue for Portal production.
    I had copied new files (local_policy.jar and US_export_policy.jar) into directory /opt/java1.4/jre/lib/security
    Jun 16  2003 local_policy.jar
    -rw-rr   1 root       sys           4355 Jun 16  2003 US_export_policy.jar
    -rw-rr   1 root       sys           2910 Aug  2  2007 local_policy.1.jar
    -rw-rr   1 root       sys           2429 Aug  2  2007 US_export_policy.1.jar
    -rrr--   1 bin        bin           2910 Dec 12 10:14 local_policy.2.jar
    -rrr--   1 bin        bin           2429 Dec 12 10:14 US_export_policy.2.jar
    -rrr--   1 bin        bin           2223 Dec 12 10:25 java.policy
    -rrr--   1 bin        bin           6871 Dec 12 10:25 java.security
    -rrr--   1 bin        bin          41278 Dec 12 10:25 cacerts
    Thanks,
    Hari

  • JCE: jurisdiction policy files

    Hello, I am new to this forum and my English is not very good. I have the following problem. I wish to use unlimited cryptography within an applet. I know that if I want to use unlimited crypto I have to install the unlimited jurisdiction policy files. Because the JRE is mostly installed under c:\programm files, where a normal user would not have the right to write, it is not very convenient to ask an admin for every workstation to install the unlimited jurisdiction policy files. Is there any way to use unlimited crypto without touching the client's JRE?
    Is it possible to install the unlimited jurisdiction policy files in another location on the client at runtime?
    Maybe I can use an alternate JCE (BC or GNU)? But how? I think I cannot install a new javax.crypto* from an applet? Maybe it's possible to use another packet name?
    Or is it possible to use the cipher functionality of a provider outside the JCE?
    Has anybody had the same problem before? Any answer is very welcome!
    Regards from Berlin!

    If it could be done, it would be a serious security bug. Normal users cannot remove or change that file at all under Windows, only power users or admins can do that. An applet can have access to a file, but only if it gets permission to do so (e.g. by being signed by a trusted source, or by being accepted by the user). But to do something with this particular file, an admin should be starting up the browser really.

  • Jurisdiction policy files not in standard directory

    Hi!
    I'm using cryptix in a class that encrypts emails with PGP.
    Everything works fine on my machine, as I have patched the jurisdiction policy files in $JAVA_HOME\jre\lib\security.
    Unfortunately I haven't got write-access to $JAVA_HOME on the customer's machine.
    The jurisdiction policy files are located in a directory where the application runs.
    Now I need a possibility to run my application and passing a parameter that causes JVM to load the jurisdiction policy files from my directory instead of loading the ones installed in the $JAVA_HOME\jre\lib\security directory.
    Any hint is welcome!
    thanks in advance!
    Oli

    Hmm, nobody ever encountered that problem?
    A 'is not possible' or 'does not work' would be adequate statement.
    So, I could convince my boss that it is just not possible... ;)
    thanks.
    Oli

  • Java: Where are JCE Unlimited Strength Jurisdiction Policy Files for Java for Mac OS X 10.7?

    I need to install the JCE Unlimited Strength Jurisdiction Policy Files for Java 1.6 under Mac OS X 10.7. I know where to get them from the Sun/Oracle Java download site, but want to make sure that these will work on the Mac. Or, are there Mac specific versions somewhere?

    There's a jce.jar file in /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/, so it appears that they're already in place, but that's just a WAG.

  • Jurisdiction policy files are not signed by trusted signers!

    Hi All,
    I am getting the following Security exception while running a Java stand-alone program on Linux.
    The stand-alone program internally calls the JCE (Java Cryptography Extension) library for Encryption of data. The JCE Unlimited Strength Jurisdiction policy files are downloaded from Sun.
    Does anybody have the solution for this error?
    Is there Security policy modification to be made for the same?
    Exception in thread "main" java.lang.ExceptionInInitializerError
    at javax.crypto.Cipher.a(Unknown Source)
    at javax.crypto.Cipher.getInstance(Unknown Source)
    at lncrypt.LnCryptBase.encryptImpl(LnCryptBase.java:122)
    at lncrypt.LnAes.encrypt(LnAes.java:78)
    at CloakingUtils.encrypt(CloakingUtils.java:69)
    at AlertsMigrationSweepUtil.updateAlerts(AlertsMigrationSweepUtil.java:203)
    at AlertsMigrationSweepUtil.main(AlertsMigrationSweepUtil.java:65)
    Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
    at javax.crypto.e.<clinit>(Unknown Source)
    ... 7 more
    Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
    at javax.crypto.e.a(Unknown Source)
    at javax.crypto.e.a(Unknown Source)
    at javax.crypto.e.g(Unknown Source)
    at javax.crypto.f.run(Unknown Source)
    at java.security.AccessController.doPrivileged1(Native Method)
    at java.security.AccessController.doPrivileged(AccessController.java:351)
    ... 8 more
    Regards,
    Vilas Kulkarni

    Make sure that which java indicates the Java executable you expect.
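The check suggested in the reply above, extended to the policy jars themselves, as an added example that is not code from any post in these threads. It is written for Java 7 or later; the class name `PolicyJarCheck` is hypothetical, and the two directories it probes are the legacy `lib/security` layouts mentioned on this page. `JarFile` verification confirms that each jar's signature is intact and shows who signed it (useful for spotting Sun-signed files dropped into an IBM JVM, as in the AIX thread), but it is not the JCE's own trusted-signer check, which is why the program also asks `Cipher` directly.

```java
import java.io.File;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import javax.crypto.Cipher;

public class PolicyJarCheck {   // hypothetical class name

    /** Verifies one policy jar's signature and reports who signed it. */
    static String inspect(File jar) {
        if (!jar.isFile()) {
            return "absent";
        }
        int signed = 0;
        int unsigned = 0;
        String signer = "none";
        byte[] buf = new byte[8192];
        try (JarFile jf = new JarFile(jar, true)) {            // true = verify signatures
            for (Enumeration<JarEntry> e = jf.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) {
                    continue;                                   // skip manifest and signature files
                }
                try (InputStream in = jf.getInputStream(entry)) {
                    while (in.read(buf) != -1) {
                        // signers are only known after the entry has been read to the end
                    }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    unsigned++;
                    continue;
                }
                signed++;
                X509Certificate cert = (X509Certificate)
                        signers[0].getSignerCertPath().getCertificates().get(0);
                signer = cert.getSubjectX500Principal().getName();
            }
        } catch (Exception ex) {   // SecurityException: digest mismatch; IOException: unreadable jar
            return "FAILED verification: " + ex;
        }
        return signed + " signed / " + unsigned + " unsigned entries, signer: " + signer;
    }

    /** Asks the JCE itself; on a broken install this surfaces the error from the threads. */
    static String maxAesKeyBits() {
        try {
            int bits = Cipher.getMaxAllowedKeyLength("AES");
            return bits == Integer.MAX_VALUE ? "unlimited" : bits + " bits";
        } catch (Throwable t) {    // ExceptionInInitializerError is an Error, not an Exception
            Throwable root = t;
            while (root.getCause() != null) {
                root = root.getCause();
            }
            return "JCE failed to initialise: " + root;
        }
    }

    public static void main(String[] args) {
        String home = System.getProperty("java.home");
        System.out.println("java.home    = " + home);
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));

        String[] dirs = { "lib/security", "jre/lib/security" };   // legacy layouts (assumption)
        String[] jars = { "local_policy.jar", "US_export_policy.jar" };
        for (String dir : dirs) {
            for (String name : jars) {
                File f = new File(new File(home, dir), name);
                System.out.println(f + ": " + inspect(f));
            }
        }
        System.out.println("max AES key  = " + maxAesKeyBits());
    }
}
```

Run it with the same `java` binary the failing application uses; a signer whose subject does not match the JVM vendor printed above is the mismatch to look for.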

  • (JCE) Unlimited Strength Jurisdiction Policy Files

    I have got my program up and running, but now I keep getting the following error:
    "java.security.InvalidKeyException: Illegal key size or default parameters"
         at javax.crypto.Cipher.a(DashoA13*..)
         at javax.crypto.Cipher.a(DashoA13*..)
         at javax.crypto.Cipher.a(DashoA13*..)
         at javax.crypto.Cipher.init(DashoA13*..)
    I have read up on it but I need to install the JCE policies. BlueJ is the compiler that I am using. How do I install the policies into this compiler? Stupid question I suppose, but any help will be appreciated.
    Thanks in advance

    Parry1982 wrote:
    I have the local_policy.jar & US_export_policy.jar installed in the following directory;
    C:\ProgramFiles\Java\jdk1.6.0_16\jre
    That is not where the installation instructions tell you to put them. You did read the installation instructions, didn't you?

  • NW 7.0 Installation getting jurisdiction policy error

    I am getting the error below when installing my 7.0 Portal on an AIX server.
    Do I simply update the local policy and US export files? The install did not prompt for these files, only the local java path:
    i.e. java14_64 path
    aused by: java.lang.ExceptionInInitializerError
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
            at javax.crypto.Cipher.a(Unknown Source)
            at javax.crypto.Cipher.getInstance(Unknown Source)
            at iaik.security.provider.IAIK.a(Unknown Source)
            at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
            at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
            at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
            at java.lang.J9VMInternals.initializeImpl(Native Method)
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
            at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
            at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
            at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
            ... 6 more
    Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
            at javax.crypto.b.<clinit>(Unknown Source)
            at java.lang.J9VMInternals.initializeImpl(Native Method)
            at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
            ... 17 more
    Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
            at javax.crypto.b.a(Unknown Source)
            at javax.crypto.b.a(Unknown Source)
            at javax.crypto.b.access$600(Unknown Source)
            at javax.crypto.b$0.run(Unknown Source)
            at java.security.AccessController.doPrivileged(AccessController.java:246)
            ... 20 more.).
    Thanks
    Weyland Yutani

    Hello Weyland,
    Usually this error occurs because the JDK policy files are not correct.
    Therefore, please check SAP Note 739043 for further details about this.
    regards,
    Paul

  • Can using BouncyCastle be an alternative to installing the policy files?

    Hey, sorry if this is a dumb question but I have been looking into this all day.
    I want to write a program that incorporates unlimited strength encryption, but installing the JCE Unlimited Strength Jurisdiction Policy Files is not an option (I can do it on one of the development machines, but I don't have write access to JAVAHOME on the other, and I can't expect every user of the program to install these files).
    Now I know that if I specify BouncyCastle as a provider when using JCE, I still have to install the above files... but what if I don't use JCE and I use the algorithms provided (handily without any form of documentation whatsoever) by BouncyCastle - can this be a workaround? I've heard conflicting views on this.
    If this isn't the case, can anyone please point me in the right direction of what I could do instead? Ie. if there was some way to include these files in the classpath rather than actually install them.
    Also, if using BC is a solution to problem, I would really appreciate it if anyone has such an example of AES-256 encryption and decryption with CBC and padding that they could point me in the direction of, I am having a real issue figuring out the BC API.
    Thank-you so much if you can help me.

    As long as you use the BouncyCastle lightweight crypto API rather than the JCE you should not encounter any of the JCE's restrictions. This means you cannot use Cipher.getInstance("Whatever/ABCCBC/TooMuchPadding", "BC"). Just include the lightweight api jar in your class path; the source is here: http://www.bouncycastle.org/download/lcrypto-jdk1<whatever>-139.zip
    I haven't played with bouncycastle in awhile, but I think something like this will get you started:
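    import org.bouncycastle.crypto.BlockCipher;
    import org.bouncycastle.crypto.CipherParameters;
    import org.bouncycastle.crypto.engines.AESEngine;
    import org.bouncycastle.crypto.modes.CBCBlockCipher;
    import org.bouncycastle.crypto.params.KeyParameter;
    BlockCipher aes = new AESEngine();
    CBCBlockCipher aes_cbc = new CBCBlockCipher(aes);
    byte [] key = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}; // 16 bytes for AES-128
    CipherParameters params = new KeyParameter(key);
    aes_cbc.init(true, params); // true = encrypt; a bare KeyParameter leaves the CBC IV all zeros
    //...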
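The AES-256 CBC-with-padding round trip the question asks for, carried through with the Bouncy Castle lightweight API, as an added example that is not code from the original answer. It assumes a Bouncy Castle jar on the classpath and Java 7 or later; the class name `LightweightAesCbc`, the IV-prefixed message layout and the sample plaintext are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PKCS7Padding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

public class LightweightAesCbc {   // hypothetical class name
    private static final int BLOCK = 16;                 // AES block size in bytes
    private static final SecureRandom RNG = new SecureRandom();

    /** One pass through AES/CBC/PKCS7 without touching javax.crypto. */
    private static byte[] run(boolean encrypt, byte[] key, byte[] iv,
                              byte[] in, int off, int len) throws InvalidCipherTextException {
        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(
                new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
        // The key length selects the AES variant: 32 bytes means AES-256.
        cipher.init(encrypt, new ParametersWithIV(new KeyParameter(key), iv));
        byte[] out = new byte[cipher.getOutputSize(len)];
        int n = cipher.processBytes(in, off, len, out, 0);
        n += cipher.doFinal(out, n);                      // writes or strips the padding
        return Arrays.copyOf(out, n);
    }

    /** Returns IV || ciphertext, with a fresh random IV for every message. */
    static byte[] encrypt(byte[] key, byte[] plaintext) throws InvalidCipherTextException {
        byte[] iv = new byte[BLOCK];
        RNG.nextBytes(iv);
        byte[] ct = run(true, key, iv, plaintext, 0, plaintext.length);
        byte[] msg = new byte[BLOCK + ct.length];
        System.arraycopy(iv, 0, msg, 0, BLOCK);
        System.arraycopy(ct, 0, msg, BLOCK, ct.length);
        return msg;
    }

    /** Splits IV || ciphertext and decrypts; bad padding raises InvalidCipherTextException. */
    static byte[] decrypt(byte[] key, byte[] msg) throws InvalidCipherTextException {
        if (msg.length < 2 * BLOCK || msg.length % BLOCK != 0) {
            throw new IllegalArgumentException("message is not IV plus whole blocks");
        }
        byte[] iv = Arrays.copyOfRange(msg, 0, BLOCK);
        return run(false, key, iv, msg, BLOCK, msg.length - BLOCK);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];                        // 256-bit key, random for this demo
        RNG.nextBytes(key);
        byte[] plain = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        byte[] msg = encrypt(key, plain);
        byte[] back = decrypt(key, msg);
        System.out.println("ciphertext bytes: " + msg.length);
        System.out.println("round trip ok:    " + Arrays.equals(plain, back));
        // CBC alone is unauthenticated: if the ciphertext can be modified in transit,
        // add a MAC over IV || ciphertext and verify it before decrypting.
    }
}
```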

  • Distributing software with unlimited strength JCE policy files

    I'm about to release some software that uses AES 256-bit encryption. I had to download the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6" to do this level of encryption. I'd like to distribute my software with a bundled version of the JRE that includes these policy files. The software will be available to download from the Internet for those who pay for the service. Placing it on the Internet is technically an export because it's available to anyone in the world.
    I've talked to the Bureau of Industry and Security and they said I need to file for a classification number (ECCN). Is this necessary if I'm using Sun's software? The JCE has already been through the export approval process so it would make sense if just including it in my software required nothing. I haven't been able to find any information about what to do legally if using the unlimited strength policy files. What laws do I need to know about or comply with to do this? Also, are there any legal ramifications of including the JRE with my software? I'm using a custom jre launcher that lets me bundle whatever jre I want with my software, so I assume it's a common practice, but I'm not sure.
    Any help would be appreciated.

    I posted this question on other sites as well, but never heard any good answers.
    I've had to do some research and I've heard a few different things, but this is what I've learned:
    Software being exported (putting on the Internet is an export) that contains symmetric encryption above 64-bit requires filling out a BIS-748P form. I had to first of all request a PIN and CIN (company id number) from the BIS so that I can access their SNAP-R system, which is where you fill out and submit all the paperwork (including the BIS-748P) online. I haven't filled that out yet, but once you do they will review your software and classify it with an ECCN number, and depending on what it falls under they will require you to obtain a license or license exception. For what I'm doing (and what most probably need this for), a license is not needed. It's simply classified as a type of encryption software and they know who you are and what you're doing with it.
    Until this is filed, the software is under a certain statute as to what you can do with it and there's a lot of legalities behind this entire process that I don't fully understand, but I think filling this paperwork out and talking to those who receive it is a good place to start.
    I'm not a lawyer by any means and I could be missing some details, but this is what I understand about the process. If you learn anything else (or find some of this to be untrue), let me know.

  • Location for JCE jurisdiction policy JAR files

    I have a simple question: is the location for JCE jurisdiction policy JAR files (local_policy.jar and US_export_policy.jar) in
    <java-home>/lib/security or
    <java-home>/lib/security/jce
    I am using JDK 1.6.0_14; these jar files come in a separate package, jce_policy-6.zip
    Please let me know.
    Thanks
    _Pete

    Thanks for the replies.
    README says just place them under lib/security. But it doesn't say whether to use the path embedded in the zip file (ie:/jce). So that was causing the confusion.
    I think it should be lib/security and NOT to use jce. If anyone else has more thoughts on it, please let me know.
    _Pete
