What are unlimited strength policy files in Java used for?
The Java Cryptography Extension (JCE) is an application program interface (API) that provides a uniform framework for the implementation of security features in Java. JCE supports several applications in digital security, such as the following:
If you are using SAS 9.4, maintenance release version less than 6, you have to add JCE files manually, usually inside /SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/security/ directory.
Beginning with the sixth maintenance release of SAS 9.4 (SAS 9.4M6), the SAS Private JRE is based on Java 8 technology. In Java 8, the Unlimited Strength Jurisdiction Policy files are included by default, but they might not be enabled though. To enable it, you need to edit the /SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/security/java.security file and uncomment or include the line:
crypto.policy=unlimited
Please note that JDK 1.8.0_161 enables unlimited strength encryption by default, so you do not have to edit any files.
The easiest way is to write, compile and run a simple Java program that prints maximum allowed key length for AES and RC5:
import javax.crypto.Cipher;
class JCETest {
public static void main(String[] args) {
try {
System.out.println(Cipher.getMaxAllowedKeyLength("AES"));
System.out.println(Cipher.getMaxAllowedKeyLength("RC5"));
} catch (Exception e){
e.printStackTrace();
}
}
}
If you see 128 in the output, then you have to install or enable JCE. If you do see 2147483647, then JCE files were added and enabled.
cd /tmp/JCETest/
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/amd64/jli
/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/bin/javac JCETest.java
/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/java JCETest
Registration is open! SAS is returning to Vegas for an AI and analytics experience like no other! Whether you're an executive, manager, end user or SAS partner, SAS Innovate is designed for everyone on your team. Register for just $495 by 12/31/2023.
If you are interested in speaking, there is still time to submit a session idea. More details are posted on the website.
Data Literacy is for all, even absolute beginners. Jump on board with this free e-learning and boost your career prospects.