File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes JCE policy, applet Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "JCE policy, applet" Watch "JCE policy, applet" New topic

JCE policy, applet

Ruben Silva

Joined: Dec 05, 2008
Posts: 1

I work in a european security related company and we are developing an applet that provides the user with a way to encrypt files. Well, as you may now, JCE policy does not permit to encrypt stuff with a 1024 key by default.

To bypass that limitation we need to overwrite some jars in our JRE/lib/security. Since an applet is a client side application when the user tries to encrypt the file with a x509 public key, fails. Installing the libs in the client JRE solve the problem. However the applet is meant to be used by a large audience and can be problematic to make all kinds of users to understand what they have to do in order to make the application work.

So, after some googling I find this post javaranch topic.

Someone has crash into this already but no solution for a more transparent way to bypass encryption policy issue.

Glad for your attention and if you have the answer be nice and share it with me!

Ruben Silva
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
Welcome to JavaRanch.

I don't think it's JCE that doesn't permit strong crypto - it's Sun's default implementation of it (or provider, as JCE calls it). The BouncyCastle provider mentioned in that other thread does not have this limitation. Of course, it, too, must be installed, but this can be done at runtime without the need to copy any files. This will do the trick:

It's possible that the applet needs to be signed in order to allow this.
[ December 05, 2008: Message edited by: Ulf Dittmer ]
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
Well, as you may now, JCE policy does not permit to encrypt stuff with a 1024 key by default.

I don't believe this is true for Java 5 and later.

Nice to meet you.
I agree. Here's the link:
subject: JCE policy, applet
jQuery in Action, 3rd edition