Hello, I am new to this forum and my English is not very well. I have the following problem. I wish to use unlimited cryptography within an applet. I know, if I want to use unlimited crypto I have to install the unlimited jurisdiction policy files. Because mostly the JRE is installed under c:\programm files, where a normal user would not have the right to write, it is not very convenient to ask an admin for every workstation to install the unlimited jurisdiction policy files. Is there anyway to use unlimited crypto without touching the clients JRE?!?!
Is it possible to install the unlimited jurisdiction policy files in another location on client at runtime???
Maybe I can use an alternate JCE (BC or GNU)? But how? I think I can not install a new javax.crypto* from an applet? Maybe it�s possible to user another packet name?
Or is it possible to use the cipher functionality of a provider outside the JCE?
Have somebody had the same problem before? Any answer is very welcome!
Regards from Berlin! [ March 16, 2008: Message edited by: Dustin Schmitz ]
On your way in you may have missed that we have a policy on screen names here at JavaRanch. Basically, it must consist of a first name, a space, and a last name, and not be obviously fictitious. Since yours does not conform with it, please take a moment to change it, which you can do right here.
I just went through this, in fact am not completely through understanding the matter: The solution that I used was to drop the jar from the provider in an extensions folder in the jdk, which as I recall looks something like lib/ext - you can find it with moderate effort. At that point, the compiler will look in that jar along with others in that folder and can accomplish compile-time inclusion of the functionality.
The sun package now supports most of the functionality.
The policy files of the worksations probably have to allow it.
These folks that do crypto have a lot riding on the matter and know about search order of the policy files and crypto import/export regulations, so I expect that crypto implementations will check the policy files. It is remarkable what cryptographers know about how the machine works.
If you have further needs, I suggest posting in the Security form at Java Ranch Saloon - people seem to be informed about the matter in that discussion board.
"The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
Joined: Sep 17, 2006
Oops, I just got my first build using the advice I gave:
I have not read the policy files.
Joined: Mar 16, 2008
The installation and the use of the provider(s) is not my problem. My problem is, that I want to use unlimited crypto without installing the sun unlimited policy files in the default location. The default location is under c:\programm file\java and only admins are allowed to write here.
- Is it possible to install the Unlimited Strength Jurisdiction Policy Files in another location where users can also write?
- Or is it possible to use an alternate JCE. But how?
Maybe I've found a solution. BouncyCastel has a lightwight-API wich works outside the JCE (Restrictions).I'll try it tomorrow.
Joined: Sep 17, 2006
Sounds good. If we continue, move to java ranch's security forum. Also, I saw in Jason Weiss' book that there are ways of installing providers at runtime. I have not acclimatized to the nomenclature and how it is done, but probably represents an approach you should consider alongside other approaches. The default java crypto is entirely strong enough for all but finanacials and critical infrastructure, and as well I read unlimited strength crypto is now default. BC is popular, must be a reason.
Read Jason Weiss' book, it will tell the tale.
subject: crypto with jce / without jce (jurisdiction policy)