BookmarkSubscribeRSS Feed

What are unlimited strength policy files in Java used for?

Started ‎09-10-2019 by
Modified ‎09-10-2019 by
Views 5,934

Question

What are unlimited strength policy files in Java used for?

Answer

The Java Cryptography Extension (JCE) is an application program interface (API) that provides a uniform framework for the implementation of security features in Java. JCE supports several applications in digital security, such as the following:

 

  • Symmetric ciphers
  • Asymmetric ciphers
  • Stream ciphers
  • Block ciphers
  • Key generation
  • Key storage
  • Key retrieval
  • Secure streams
  • Sealed objects
  • Digital signatures
  • Message Authentication Code (MAC) algorithms

If you are using SAS 9.4, maintenance release version less than 6, you have to add JCE files manually, usually inside /SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/security/ directory.

 

Beginning with the sixth maintenance release of SAS 9.4 (SAS 9.4M6), the SAS Private JRE is based on Java 8 technology. In Java 8, the Unlimited Strength Jurisdiction Policy files are included by default, but they might not be enabled though. To enable it, you need to edit the /SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/security/java.security file and uncomment or include the line:

 

crypto.policy=unlimited

 

 

Please note that JDK 1.8.0_161 enables unlimited strength encryption by default, so you do not have to edit any files.

 

How to verify that JCE files were installed and enabled?


The easiest way is to write, compile and run a simple Java program that prints maximum allowed key length for AES and RC5:

 

import javax.crypto.Cipher;

class JCETest {
  public static void main(String[] args) {
    try {            
      System.out.println(Cipher.getMaxAllowedKeyLength("AES"));
      System.out.println(Cipher.getMaxAllowedKeyLength("RC5"));
    } catch (Exception e){
      e.printStackTrace();
    }
  }
}

 

If you see 128 in the output, then you have to install or enable JCE. If you do see 2147483647, then JCE files were added and enabled.

 

How to compile and run this program using SAS Private JRE?

  • Create /tmp/JCETest/JCETest.java file with a code shown above.
  • Run these commands:

 

cd /tmp/JCETest/
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/amd64/jli
/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/bin/javac JCETest.java
/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/java JCETest

 

Version history
Last update:
‎09-10-2019 12:12 PM
Updated by:
Contributors

sas-innovate-white.png

Missed SAS Innovate in Orlando?

Catch the best of SAS Innovate 2025 — anytime, anywhere. Stream powerful keynotes, real-world demos, and game-changing insights from the world’s leading data and AI minds.

 

Register now

SAS AI and Machine Learning Courses

The rapid growth of AI technologies is driving an AI skills gap and demand for AI talent. Ready to grow your AI literacy? SAS offers free ways to get started for beginners, business leaders, and analytics professionals of all skill levels. Your future self will thank you.

Get started

Article Tags