Replace the JCE Unlimited Strength Jurisdiction Policy files - SAP JVM 5

Similar Messages

• Java: Where are JCE Unlimited Strength Jurisdiction Policy Files for Java for Mac OS X 10.7?

  I need to install the JCE Unlimited Strength Jurisdiction Policy Files for Java 1.6 under Mac OS X 10.7.  I know where to get then from the Sun/Oracle Java download site, but want to make sure that these will work on the Mac.  Or, are there Mac specific versions somewhere?

  There's a  jce.jar file in /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/, so it appears that they're already in place, but that's just a WAG.

• (JCE) Unlimited Strength Jurisdiction Policy Files

  I have got my program up and running, but now i keep the following error:
  "java.security.InvalidKeyException: Illegal key size or default parameters"
       at javax.crypto.Cipher.a(DashoA13*..)
       at javax.crypto.Cipher.a(DashoA13*..)
       at javax.crypto.Cipher.a(DashoA13*..)
       at javax.crypto.Cipher.init(DashoA13*..)I have read up on it but i need to install the JCE policies. Bluej is the compiler that i am using. How to do i install the policies into this compiler. Stupid question Isuppose but any help will be appreciated.
  Thanks in adavance

  Parry1982 wrote:
  I have the local_policy.jar & US_export_policy.jar install in the following directory;
  C:\ProgramFiles\Java\jdk1.6.0_16\jreThat is not where the installation instructions tells you to put them. You did read the installation instructions didn't you?

• Software distribution and Unlimited Strength Jurisdiction Policy Files

  I suppose, I'm NOT allowed to ship the Unlimited Strength Jurisdiction Policy Files (USJPF) with my application,
  even if living in Germany and not selling abroad, right?
  So I see 2 possibilities:
  - Use weaker encryption by default and encourage the users to download the USJPF by themself.
  - Implement a stronger encryption on the base of the weaker one by encrypting several times, let say in the way 3DES works.
  I'm quite sure, I'm not the only one facing such a problem, how do you solve it?

  The export of cryptography is usually contingent on the laws of the country that you live in. As a US citizen, I know that I cannot ship unlimited strength cryptography to specific countries without a permit. You should check what German law allows you to do (I was under the impression that Germany did not have such controls, but that impression could be dated) and read the license accompanying the USJPF in Germany, to see what restrictions are placed on it.
  Another option is to use a provider fhat is developed outside the US. I know that BouncyCastle is developed in Australia, so the US restrictions would not apply to them. Have you checked their licensing agreement to see what you're allowed to do with their provider files?

• Override JCE default (limited strength) jurisdiction policy files

  Hi!
  I am writing an applet, which has to decrypt encrpyted file with some simetric algorithm, e.g. PBEWithMD5AndTripleDes. Due llimitations of key lengths in default (limited strength) jurisdiction policy files for JCE I cannot use for example TripleDES with 168 bit key or. Blowfish with 400 bit key.
  I know I can obtain Unlimited version of these files from java.sun.com and replace this files in JDK/JRE installation directory. That's ok for us at server side, but disaster at client (applet) side, because we must modify installation of JRE on every computer where user want to use applet and update it every time when JRE is being updated.
  So me question is: is there any way to distribute unlimited jurisdiction files with an applet (I know how to include *.jar files) and make it work? For example via endorsed mechanism, setting some security property, reloading JCE?
  Thanks for help!

  You can't override them. Since the restriction apply only to the JCE, your best bet is to use the lightweight API from Bouncy Castle which does not use the JCE.

• Jurisdiction policy files are not signed by trusted signers!

  Hi All,
  I am getting the following Security exception while running a Java stand-alone program on Linux.
  The stand-alone program internally calls the JCE (Java Cryptography Extension) library for Encryption of data. The JCE Unlimited Strength Jurisdiction policy files are downloaded from Sun.
  Does anybody have the solution for this error?
  Is there Security policy modification to be made for the same?
  Exception in thread "main" java.lang.ExceptionInInitializerError
  at javax.crypto.Cipher.a(Unknown Source)
  at javax.crypto.Cipher.getInstance(Unknown Source)
  at lncrypt.LnCryptBase.encryptImpl(LnCryptBase.java:122)
  at lncrypt.LnAes.encrypt(LnAes.java:78)
  at CloakingUtils.encrypt(CloakingUtils.java:69)
  at AlertsMigrationSweepUtil.updateAlerts(AlertsMigrationSweepUtil.java:203)
  at AlertsMigrationSweepUtil.main(AlertsMigrationSweepUtil.java:65)
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
  at javax.crypto.e.<clinit>(Unknown Source)
  ... 7 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
  at javax.crypto.e.a(Unknown Source)
  at javax.crypto.e.a(Unknown Source)
  at javax.crypto.e.g(Unknown Source)
  at javax.crypto.f.run(Unknown Source)
  at java.security.AccessController.doPrivileged1(Native Method)
  at java.security.AccessController.doPrivileged(AccessController.java:351)
  ... 8 more
  Regards,
  Vilas Kulkarni

  Make sure that which javaindicates the Java executable you expect.

• Achieve Unlimited Strength Jurisdiction without modifying JDK files?

  I have a requirement in my application to use Unlimited Strength Jurisdiction. So I downloaded and extracted the JCE files and placed them in $JAVA_HOME/jre/lib/security overriding the existing jars. This works perfectly fine for me.
  My question is; is there some way of installing the new policy files without having to override the files in the JDK. Ideally, I would like to set a system property to point to a different directory which includes the new policy files and not have to touch my jdk files. Is this possible?
  Thanks in advance.

  It cannot be done. You could always use the lightweight Bouncy Castle API that does not have the key size restrictions.

• JCE: jurisdiction policy files

  Hello, I am new to this forum and my English is not very well. I have the following problem. I wish to use unlimited cryptography within an applet. I know, if I want to use unlimited crypto I have to install the unlimited jurisdiction policy files. Because mostly the JRE is installed under c:\programm files, where a normal user would not have the right to write, it is not very convenient to ask an admin for every workstation to install the unlimited jurisdiction policy files. Is there anyway to use unlimited crypto without touching the clients JRE?!?!
  Is it possible to install the unlimited jurisdiction policy files in another location on client at runtime???
  Maybe I can use an alternate JCE (BC or GNU)? But how? I think I can not install a new javax.crypto* from an applet? Maybe it�s possible to user another packet name?
  Or is it possible to use the cipher functionality of a provider outside the JCE?
  Have somebody had the same problem before? Any answer is very welcome!
  Regards from Berlin!

  If it could be done, it would be a serious security bug. Normal users cannot remove or change that file at all under Windows, only power users or admins can do that. An applet can have access to a file, but only if it gets permission to do so (e.g. by being signed by a trusted source, or by being accepted by the user). But to do something with this particular file, an admin should be starting up the browser really.

• How do I apply JCE Jurisdiction Policy Files in oracle jvm

       I have some java procedure using AES, while the default key size limit is 128.
       For local java, I can easily replace Jurisdiction Policy Files in JDK OR JRE,  But I do not know how to do such thing in oracle database(11g2) jvm

  $ORACLE_HOME/jdk/jre/lib/security

• Jurisdiction Policy Files

  I am implementing a simple cipherstream for commmunication between server and client for a building automation protocol called BACnet. My code compiles but when I attempt to run it I get the following error:
  Exception in thread "main" java.lang.ExceptionInInitializtoinError
  at javax.crypto.SecretKeyFactory.getInstance(DashoA6275)
  at sen.CommMod.main(CommMod.java:30)
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
  at javax.crypto.SunJCE_b.<<clinit>(DashoA6275)
  ...2 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
  at javax.crypto.SunJCE_b.a(DashoA6275)
  at javax.crypto.SunJCE_b.f(DashoA6275)
  at javax.crypto.SunJCE_b.e(DashoA6275)
  at javax.crypto.SunJCE_b.run(DashoA6275)
  at java.security.AccessController.doPriveleged(Native Metthod)
  ... 3 more
  sen is the name of the package and CommMod is the name of my class file. I have edited the java.security file to include SunJCE as a security provider and Sun is listed as the first provider as per the known bugs for the JCE.
  Is there anyway to get my policy files signed by a trusted signer or can I get policy files that will work that are already signed?

  Why is there no reply to this problem from Sun?
  I am also getting the same problem with JDK1.4.2_04 and JCE 1.2.2
  Are the jars that are provided with the JCE 1.2.2 not correctlly signed?

• Java.lang.SecurityException: Jurisdiction policy files are not signed by t

  Hi
  *I am installing ECC6 onAIX 6.1 with oarcle 10g.*
  *I am getting error in create secure store*
  *Policy and security files are ok,*
  aused by: java.lang.ExceptionInInitializerError
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
          at javax.crypto.Cipher.a(Unknown Source)
          at javax.crypto.Cipher.getInstance(Unknown Source)
          at iaik.security.provider.IAIK.a(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
          at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
          at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
          ... 6 more
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
          at javax.crypto.b.<clinit>(Unknown Source)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          ... 17 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.access$600(Unknown Source)
          at javax.crypto.b$0.run(Unknown Source)
          at java.security.AccessController.doPrivileged(AccessController.java:246)
          ... 20 more
  ERROR      2009-07-07 14:10:47.063
             CJSlibModule::writeError_impl()
  CJS-30050  Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
  SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  java.lang.reflect.InvocationTargetException
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
          at java.lang.reflect.Method.invoke(Method.java:391)
          at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
  Caused by: java.lang.ExceptionInInitializerError
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
          at javax.crypto.Cipher.a(Unknown Source)
          at javax.crypto.Cipher.getInstance(Unknown Source)
          at iaik.security.provider.IAIK.a(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
          at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
          at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
          ... 6 more
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
          at javax.crypto.b.<clinit>(Unknown Source)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          ... 17 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.access$600(Unknown Source)
          at javax.crypto.b$0.run(Unknown Source)
          at java.security.AccessController.doPrivileged(AccessController.java:246)
          ... 20 more.
  ERROR      2009-07-07 14:10:47.547 [sixxcstepexecute.cpp:960]
  FCO-00011  The step createSecureStore with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR ( Last error reported by the step :Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
  SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  java.lang.reflect.InvocationTargetException
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
          at java.lang.reflect.Method.invoke(Method.java:391)
          at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
  Caused by: java.lang.ExceptionInInitializerError
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
          at javax.crypto.Cipher.a(Unknown Source)
          at javax.crypto.Cipher.getInstance(Unknown Source)
          at iaik.security.provider.IAIK.a(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
          at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
          at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
          ... 6 more
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
          at javax.crypto.b.<clinit>(Unknown Source)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          ... 17 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.access$600(Unknown Source)
          at javax.crypto.b$0.run(Unknown Source)
          at java.security.AccessController.doPrivileged(AccessController.java:246)
          ... 20 more.).
  what could be the problem ?
  Please give me the soluation
  regards
  Vijay

  Dear Juan
  You are correct.
  I downloaded correct file from IBM site , and Create Secure store step completed but innext step IMPORT JAVA DUMP
  it gave error
  n error occurred while processing service SAP ERP 6.0 Support Release 3 > SAP Systems > Oracle > Central System > Central System( Last error reported by the step : Execution of JLoad tool '/usr/java14_64/bin/java -classpath /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/launcher.jar -showversion -Xmx512m -Xj9 com.sap.engine.offline.OfflineToolStart com.sap.inst.jload.Jload /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/lib/iaik_jce.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/jload.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/antlr.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/exception.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/jddi.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/logging.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/offlineconfiguration.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/opensqlsta.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/tc_sec_secstorefs.jar:/oracle/client/10x_64/instantclient/ojdbc14.jar -sec AGQ,jdbc/pool/AGQ,/usr/sap/AGQ/SYS/global/security/data/SecStore.properties,/usr/sap/AGQ/SYS/global/security/data/SecStore.key -dataDir /swdump/NW7.0_SR3_JAVA_COMP_51033513/DATA_UNITS/JAVA_EXPORT_JDMP -job /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/IMPORT.XML -log jload.log' aborts with return code 1. SOLUTION: Check 'jload.log' and '/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/jload.java.log' for more information.
  regards
  vijjay

• Jurisdiction policy files not in standard directory

  Hi!
  I'm using cryptix in a class that encrypts emails with PGP.
  Everything works fine on my machine, as I have patched the jurisdiction policy files in $JAVA_HOME\jre\lib\security.
  Unfortunately I haven't got write-access to $JAVA_HOME on the customers machine.
  The jurisdiction policy files are located in a directory where the application runs.
  Now I need a possibility to run my application and passing a parameter that causes JVM to load the jurisdiction policy files from my directory instead of loading the ones installed in the $JAVA_HOME\jre\lib\security directory.
  Any hint is welcome!
  thanks in advance!
  Oli

  Hi!
  I'm using cryptix in a class that encrypts emails with
  PGP.
  Everything works fine on my machine, as I have patched
  the jurisdiction policy files in
  $JAVA_HOME\jre\lib\security.
  Unfortunately I haven't got write-access to $JAVA_HOME
  on the customers machine.
  The jurisdiction policy files are located in a
  directory where the application runs.
  Now I need a possibility to run my application and
  passing a parameter that causes JVM to load the
  jurisdiction policy files from my directory instead of
  loading the ones installed in the
  $JAVA_HOME\jre\lib\security directory.
  Any hint is welcome!
  thanks in advance!
  OliHmm, nobody ever encountered that problem?
  A 'is not possible' or 'does not work' would be adequate statement.
  So, I could convince my boss that it is just not possible... ;)
  thanks.
  Oli

• JCE Unlimited Strength 11gR2 problem

  We download the unlimited strength JCE policy files (Java 1.5) and replaced local_policy.jar and US_export_policy.jar in javavm but no change in our error.
  we did not find useful and exact solution for 11g, need extra steps? thanks.

  we allocated the problem, we use BouncyCastle in database with loadjar and Oracle does not find the BC, error is
  KeyGenerator not available
  what is the solution? or a bug?

• Replace the connection string in Excel MDS file

  I had MDS solution from one SQL Server 2012 to another - SQL Server 2014. I have configured Excel file with connection to MDS. How can I safely to replace the connection string in my Excel MDS file and the tables is not broken?
  from Moscow with money

  Hi,
  Excel is just used to manage data and create new entities and attributes. Why not first publish and close your excel before MDS upgraded to 2014? After the upgrade, reconnect new solution in your excel.
  thanks,
  Jerry

• The Java startup framework must be updated - SAP JVM 4

  Dear All,
  While execution of switch from JDK to SAP JVM 4.1 on java instance we get the message "The Java startup framework must be updated in order to use SAP JVM 4"
  Please help or guide for further steps
  Regards,
  Ajay

  Hi Ajay,
  Hope you are doing good.
  If the issue persists, kindly update the kernel to the latest level as this will update the native libraries which the JVM needs. This is the next step in these kind of cases.
  The below links will help you if there are any queries with the
  kernel update procedure.
  If you wish to do a Manual Kernel Upgrade:
  <http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/70d8838d-cb8f-2c10-7ab8-d1504670fbb8>
  Kernel upgrade using JSPM:
  <http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/11219>
  and
  SAP Note No. 19466: Downloading SAP kernel patches
  Thank you and have a nice day :).
  Kind Regards,
  Hemanth
  SAP AGS