aspose file tools*
The moose likes Java in General and the fly likes crypto with jce / without jce (jurisdiction policy) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "crypto with jce / without jce (jurisdiction policy)" Watch "crypto with jce / without jce (jurisdiction policy)" New topic
Author

crypto with jce / without jce (jurisdiction policy)

Dustin Schmitz
Greenhorn

Joined: Mar 16, 2008
Posts: 2
Hello, I am new to this forum and my English is not very well. I have the following problem. I wish to use unlimited cryptography within an applet. I know, if I want to use unlimited crypto I have to install the unlimited jurisdiction policy files. Because mostly the JRE is installed under c:\programm files, where a normal user would not have the right to write, it is not very convenient to ask an admin for every workstation to install the unlimited jurisdiction policy files. Is there anyway to use unlimited crypto without touching the clients JRE?!?!


Is it possible to install the unlimited jurisdiction policy files in another location on client at runtime???

Maybe I can use an alternate JCE (BC or GNU)? But how? I think I can not install a new javax.crypto* from an applet? Maybe it�s possible to user another packet name?

Or is it possible to use the cipher functionality of a provider outside the JCE?


Have somebody had the same problem before? Any answer is very welcome!


Regards from Berlin!
[ March 16, 2008: Message edited by: Dustin Schmitz ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
Hello "rudolf renntier"-

Welcome to JavaRanch.

On your way in you may have missed that we have a policy on screen names here at JavaRanch. Basically, it must consist of a first name, a space, and a last name, and not be obviously fictitious. Since yours does not conform with it, please take a moment to change it, which you can do right here.


Ping & DNS - updated with new look and Ping home screen widget
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
I just went through this, in fact am not completely through understanding the matter: The solution that I used was to drop the jar from the provider in an extensions folder in the jdk, which as I recall looks something like lib/ext - you can find it with moderate effort. At that point, the compiler will look in that jar along with others in that folder and can accomplish compile-time inclusion of the functionality.

  •   The sun package now supports most of the functionality.
  •   The policy files of the worksations probably have to allow it.


  • These folks that do crypto have a lot riding on the matter and know about search order of the policy files and crypto import/export regulations, so I expect that crypto implementations will check the policy files. It is remarkable what cryptographers know about how the machine works.

    If you have further needs, I suggest posting in the Security form at Java Ranch Saloon - people seem to be informed about the matter in that discussion board.


    "The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
    Nicholas Jordan
    Ranch Hand

    Joined: Sep 17, 2006
    Posts: 1282
    Oops, I just got my first build using the advice I gave:




    I have not read the policy files.
    Dustin Schmitz
    Greenhorn

    Joined: Mar 16, 2008
    Posts: 2
    The installation and the use of the provider(s) is not my problem. My problem is, that I want to use unlimited crypto without installing the sun unlimited policy files in the default location. The default location is under c:\programm file\java and only admins are allowed to write here.

    - Is it possible to install the Unlimited Strength Jurisdiction Policy Files in another location where users can also write?

    - Or is it possible to use an alternate JCE. But how?


    Maybe I've found a solution. BouncyCastel has a lightwight-API wich works outside the JCE (Restrictions).I'll try it tomorrow.
    Nicholas Jordan
    Ranch Hand

    Joined: Sep 17, 2006
    Posts: 1282
    Sounds good. If we continue, move to java ranch's security forum. Also, I saw in Jason Weiss' book that there are ways of installing providers at runtime. I have not acclimatized to the nomenclature and how it is done, but probably represents an approach you should consider alongside other approaches. The default java crypto is entirely strong enough for all but finanacials and critical infrastructure, and as well I read unlimited strength crypto is now default. BC is popular, must be a reason.

    Read Jason Weiss' book, it will tell the tale.
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: crypto with jce / without jce (jurisdiction policy)
     
    Similar Threads
    JCE policy, applet
    JCA jars in SDK
    AES256, cryptoPerms and Unlimited Cryptography
    Invalid Key Lenght
    Exception in thread "main" java.security.InvalidKeyException: