cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed

What are unlimited strength policy files in Java used for?

Started ‎09-10-2019 by
Modified ‎09-10-2019 by
Views 5,208

Question

What are unlimited strength policy files in Java used for?

Answer

The Java Cryptography Extension (JCE) is an application program interface (API) that provides a uniform framework for the implementation of security features in Java. JCE supports several applications in digital security, such as the following:

 

  • Symmetric ciphers
  • Asymmetric ciphers
  • Stream ciphers
  • Block ciphers
  • Key generation
  • Key storage
  • Key retrieval
  • Secure streams
  • Sealed objects
  • Digital signatures
  • Message Authentication Code (MAC) algorithms

If you are using SAS 9.4, maintenance release version less than 6, you have to add JCE files manually, usually inside /SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/security/ directory.

 

Beginning with the sixth maintenance release of SAS 9.4 (SAS 9.4M6), the SAS Private JRE is based on Java 8 technology. In Java 8, the Unlimited Strength Jurisdiction Policy files are included by default, but they might not be enabled though. To enable it, you need to edit the /SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/security/java.security file and uncomment or include the line:

 

crypto.policy=unlimited

 

 

Please note that JDK 1.8.0_161 enables unlimited strength encryption by default, so you do not have to edit any files.

 

How to verify that JCE files were installed and enabled?


The easiest way is to write, compile and run a simple Java program that prints maximum allowed key length for AES and RC5:

 

import javax.crypto.Cipher;

class JCETest {
  public static void main(String[] args) {
    try {            
      System.out.println(Cipher.getMaxAllowedKeyLength("AES"));
      System.out.println(Cipher.getMaxAllowedKeyLength("RC5"));
    } catch (Exception e){
      e.printStackTrace();
    }
  }
}

 

If you see 128 in the output, then you have to install or enable JCE. If you do see 2147483647, then JCE files were added and enabled.

 

How to compile and run this program using SAS Private JRE?

  • Create /tmp/JCETest/JCETest.java file with a code shown above.
  • Run these commands:

 

cd /tmp/JCETest/
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/amd64/jli
/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/bin/javac JCETest.java
/SASHome/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/java JCETest

 

Version history
Last update:
‎09-10-2019 12:12 PM
Updated by:
SAS Employee
Contributors

sas-innovate-2024.png

Available on demand!

Missed SAS Innovate Las Vegas? Watch all the action for free! View the keynotes, general sessions and 22 breakouts on demand.

 

Register now!

Free course: Data Literacy Essentials

Data Literacy is for all, even absolute beginners. Jump on board with this free e-learning  and boost your career prospects.

Get Started

Article Labels
Article Tags