BookmarkSubscribeRSS Feed

What are unlimited strength policy files in Java used for?

Started ‎09-10-2019 by
Modified ‎09-10-2019 by
Views 6,206

Question

What are unlimited strength policy files in Java used for?

Answer

The Java Cryptography Extension (JCE) is an application program interface (API) that provides a uniform framework for the implementation of security features in Java. JCE supports several applications in digital security, such as the following:

 

  • Symmetric ciphers
  • Asymmetric ciphers
  • Stream ciphers
  • Block ciphers
  • Key generation
  • Key storage
  • Key retrieval
  • Secure streams
  • Sealed objects
  • Digital signatures
  • Message Authentication Code (MAC) algorithms

If you are using SAS 9.4, maintenance release version less than 6, you have to add JCE files manually, usually inside /SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/security/ directory.

 

Beginning with the sixth maintenance release of SAS 9.4 (SAS 9.4M6), the SAS Private JRE is based on Java 8 technology. In Java 8, the Unlimited Strength Jurisdiction Policy files are included by default, but they might not be enabled though. To enable it, you need to edit the /SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/security/java.security file and uncomment or include the line:

 

crypto.policy=unlimited

 

 

Please note that JDK 1.8.0_161 enables unlimited strength encryption by default, so you do not have to edit any files.

 

How to verify that JCE files were installed and enabled?


The easiest way is to write, compile and run a simple Java program that prints maximum allowed key length for AES and RC5:

 

import javax.crypto.Cipher;

class JCETest {
  public static void main(String[] args) {
    try {            
      System.out.println(Cipher.getMaxAllowedKeyLength("AES"));
      System.out.println(Cipher.getMaxAllowedKeyLength("RC5"));
    } catch (Exception e){
      e.printStackTrace();
    }
  }
}

 

If you see 128 in the output, then you have to install or enable JCE. If you do see 2147483647, then JCE files were added and enabled.

 

How to compile and run this program using SAS Private JRE?

  • Create /tmp/JCETest/JCETest.java file with a code shown above.
  • Run these commands:

 

cd /tmp/JCETest/
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/amd64/jli
/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/bin/javac JCETest.java
/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/java JCETest

 

Contributors
Version history
Last update:
‎09-10-2019 12:12 PM
Updated by:

hackathon24-white-horiz.png

2025 SAS Hackathon: There is still time!

Good news: We've extended SAS Hackathon registration until Sept. 12, so you still have time to be part of our biggest event yet – our five-year anniversary!

Register Now

SAS AI and Machine Learning Courses

The rapid growth of AI technologies is driving an AI skills gap and demand for AI talent. Ready to grow your AI literacy? SAS offers free ways to get started for beginners, business leaders, and analytics professionals of all skill levels. Your future self will thank you.

Get started

Article Tags