unlimited strength : Java Glossary
- unlimited strength encryption
The government of the USA does not want other countries using long
encryption keys, making it harder for the
CIA (Central Intelligence Agency)
to snoop, so they made it illegal for US companies to export the
technology. This is ridiculous for four reasons:
- All the algorithms are openly published.
- You can acquire third party software outside the USA. People just
bought their encryption from the Australians (BouncyCastle),
Europeans… All this foolish bill did was penalise American
- To use Oracle’s unlimited strength version all you have to
do in install two jars freely available from Oracle. All the code
for unlimited strength is already present in the
JDK (Java Development Kit).
All you have to do is turn it back on.
- The bill restricts
SSL (Secure Sockets Layer)
encryption export to 40 bits. Such a code
can be broken with a
PC (Personal Computer)
in a matter of days. It is hardly better than no encryption at all.
However, the bill made an exception for Americans and Canadians. They
could use good encryption. This is odd given the US government
primarily spies on its own citizens.
So Oracle shipped Java with decent encryption turned off. To turn it
back on, all you need to do is install a a couple of files. Terrorists
are supposed to refrain from doing this. Only Americans and Canadians
are supposed to use decent encryption. There is no check that you
truly are Canadian or American.
How To Turn Unlimited Strength Encryption Back On
strength encryption extension from the Oracle website. Make
sure you select the version matching your JDK. I presume 1.8.
- unzip/extract the downloaded
jce_policy-8.zip file into your C:\UnlimitedJCEPolicy
- Inside you will find two files: US_export_policy.jar
- Track down all the existing copies of those two files on your hard
disk. Look in places like:
C:\Program Files (x86)\java\jre1.8.0_112\\Java\jre8\lib\security\local_policy.jar
C:\Program Files (x86)\java\jre1.8.0_112\\Java\jre8\lib\security\US_export_policy.jar
J:\Program Files (x86)\java\jdk1.8.0_112\\jre\lib\security\local_policy.jar
J:\Program Files (x86)\java\jdk1.8.0_112\\jre\lib\security\US_export_policy.jar
- Back up the existing copies or rename them.
- Replace them by copying the corresponding downloaded files over
top of them.
- Verify the files have been replaced by checking the file sizes and
times now installed.
- If you have any version 1.7 JDKs/JREs,
version of the files for them and repeat the process.
The instructions in the zip are rather geekish. The
instructions here should be all you need.
Bat File Replacement
Its is generally safer to compose a bat
file to do the copying. Here is an example of what one might look
When Do You have to Reinstall the Policy Files?
- When you upgrade to a new major version, e.g. from 1.6 to 1.7 or
1.7 to 1.8.
- When you have uninstalled and reinstalled a JRE/JDK.
- I am not sure if this is necessary, but to be safe, any time you
upgrade to a new minor version. If you find out if this is
necessary, please let me know.