Tuesday, May 8, 2012

How to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files


How to over come "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error when invoking secured services

These "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error usually occurs when we try to invoke a web services in a secured manner and your JVM is not provisioned for Java unlimited security jurisdiction.


To provision for the Java unlimited security jurisdiction we have to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.


How to Install JCE

  1. Go to the Oracle Java SE download page http://www.oracle.com/technetwork/java/javase/downloads/index.html
  2. Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File"
  3. Download the version that matches your installed JVM E.g. UnlimitedJCEPolicyJDK7.zip
  4. Unzip the downloaded zip 
  5. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them)
  6. Then restart your application to get rid of this exception.
Labels: ,

47 comments:

  1. Another solution ist to execute this:

    try {
    Field field = Class.forName("javax.crypto.JceSecurity").
    getDeclaredField("isRestricted");
    field.setAccessible(true);
    field.set(null, java.lang.Boolean.FALSE);
    } catch (Exception ex) {
    ex.printStackTrace();
    }

    ReplyDelete
    Replies

    1. This is just Great! I was so tired to change them at every java update!

      Delete

    2. I am using java version 1.6.0_35, which doesn't have class javax.crypto.JceSecurity. Any equivalent class in 1.6.0_35 jce.jar?

      Many thanks!

      Delete

    3. Many thanks!! It saves me a tremendous time and releases my stress from completing my task on time!

      Thanks Suho fro creating this blob too!!

      Delete

    4. Where do I paste that code?

      Delete

    5. Careful with this Reflection. USA doesn't like exporting high-grade encryption to some countries. Oracle's JCE might have export restrictions. If your code circumvents this in production-code you could cause trouble for yourself

      Delete

  2. Hi Suho..

    Thanks you very much.. It helped me :)

    -Sam

    ReplyDelete

  3. Helped! Much thanks.

    ReplyDelete

  5. So the script works and is running, now what?

    ReplyDelete

  6. Hi, I just wanted to check if java 1.7.x supports JCE ? I am trying to install java with jce. Then after installing jdk should I follow the steps you gave me to finish this task ?

    ReplyDelete

  7. Hi. Thank you very much. It worked!

    ReplyDelete

  8. Hi, thanks for the help but I have another question how do I undo or reverse to the previous version of this thing :P

    ReplyDelete

  10. Download from this link

    http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

    ReplyDelete

  11. Hello! This solution is Excellent!! Thank YOU Suhorish!

    ReplyDelete

  12. Excellent Solution!!!
    Thank You Suhorish!

    ReplyDelete

  13. I download JCE file but one thing I could not figure out how to put local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security. Foremost problem is how to find $JAVA_HOME/jre/lib/security. Please help urgent.

    ReplyDelete

  14. Hi Manoj KC. $JAVA_HOME is nothing but the home directory of your jdk.It is the folder where you installed the jdk.most probably it in in C://Program Files/Java folder.

    ReplyDelete

  17. Thanks a lot, It saved me a lot!!!

    ReplyDelete

  18. Do I put this at the beginning of my encryption code?

    ReplyDelete

  19. Hi Suho, I really need your help. Do I need to restart my machine after adding the new JCE Provider for it to take effect?

    ReplyDelete

  20. Thanks, it's helpful.

    ReplyDelete

  21. Awesome.. I have been trying this for 2-3 days. At last, I could run my program.
    Thanks to you!

    ReplyDelete

  27. I am working in a Digital Signing Server Service. I am looking for the Java code for SHA 512 or RSA, an a DB for public key. Is there that code in the Internet????

    See my Blog blog del Ing. Ernesto Ibáñez

    ReplyDelete

  28. I often get emotionally involved. Like when I read your post, I can cry, laugh, sad, funny, depending on your written words. I think you are a sensitive person.
    baixar facebook l baixar whatsapp l baixar whatsapp l baixar facebook

    ReplyDelete

  30. Thank you for sharing such a nice and interesting blog with us. i have seen that all will say the same thing repeatedly. But in your blog, I had a chance to get some useful and unique information. I would like to suggest your blog in my dude circle.
    Java Training in Chennai

    ReplyDelete

  31. It is a great article. You will surely like this also because it is a great stufff


    Facebook Lite

    ReplyDelete

  32. Thanks for sharing this information and this is really useful to me. Keep updating this information.
    Java Training in Chennai | Java Training | Java Course in Chennai

    ReplyDelete

  34. Hello!! I'am glad to read the whole content of this blog and am very excited.Thank you.
    gclub casino
    goldenslot casino
    goldenslot

    ReplyDelete

  36. How to ensure that the Java Cryptography Extension has been installed?

    ReplyDelete

  38. The article you have shared here very awesome. I really like and appreciated your work. I read deeply your article, the points you have mentioned in this article are useful

    lennyfacetext.com

    ReplyDelete

  39. I like your post. It really useful with me. Thanks for sharing these useful information!
    http://happywheels3game.com

    ReplyDelete

  40. I can feel that the articles contained in this blog is so interesting. I also get a variety informasin, thanks. geometry-dash.net

    ReplyDelete

Subscribe to: Post Comments (Atom)