Tuesday, May 8, 2012

How to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files


How to over come "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error when invoking secured services

These "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error usually occurs when we try to invoke a web services in a secured manner and your JVM is not provisioned for Java unlimited security jurisdiction.


To provision for the Java unlimited security jurisdiction we have to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.


How to Install JCE

  1. Go to the Oracle Java SE download page http://www.oracle.com/technetwork/java/javase/downloads/index.html
  2. Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File"
  3. Download the version that matches your installed JVM E.g. UnlimitedJCEPolicyJDK7.zip
  4. Unzip the downloaded zip 
  5. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them)
  6. Then restart your application to get rid of this exception.
Labels: ,

65 comments:

  1. Another solution ist to execute this:

    try {
    Field field = Class.forName("javax.crypto.JceSecurity").
    getDeclaredField("isRestricted");
    field.setAccessible(true);
    field.set(null, java.lang.Boolean.FALSE);
    } catch (Exception ex) {
    ex.printStackTrace();
    }

    ReplyDelete
    Replies

    1. This is just Great! I was so tired to change them at every java update!

      Delete

    2. I am using java version 1.6.0_35, which doesn't have class javax.crypto.JceSecurity. Any equivalent class in 1.6.0_35 jce.jar?

      Many thanks!

      Delete

    3. Many thanks!! It saves me a tremendous time and releases my stress from completing my task on time!

      Thanks Suho fro creating this blob too!!

      Delete

    4. Where do I paste that code?

      Delete

    5. Careful with this Reflection. USA doesn't like exporting high-grade encryption to some countries. Oracle's JCE might have export restrictions. If your code circumvents this in production-code you could cause trouble for yourself

      Delete

  2. Hi Suho..

    Thanks you very much.. It helped me :)

    -Sam

    ReplyDelete

  3. Helped! Much thanks.

    ReplyDelete

  5. So the script works and is running, now what?

    ReplyDelete

  6. Hi, I just wanted to check if java 1.7.x supports JCE ? I am trying to install java with jce. Then after installing jdk should I follow the steps you gave me to finish this task ?

    ReplyDelete

  7. Hi. Thank you very much. It worked!

    ReplyDelete

  8. Hi, thanks for the help but I have another question how do I undo or reverse to the previous version of this thing :P

    ReplyDelete

  10. Download from this link

    http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

    ReplyDelete

  11. Hello! This solution is Excellent!! Thank YOU Suhorish!

    ReplyDelete

  12. Excellent Solution!!!
    Thank You Suhorish!

    ReplyDelete

  13. I download JCE file but one thing I could not figure out how to put local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security. Foremost problem is how to find $JAVA_HOME/jre/lib/security. Please help urgent.

    ReplyDelete

  14. Hi Manoj KC. $JAVA_HOME is nothing but the home directory of your jdk.It is the folder where you installed the jdk.most probably it in in C://Program Files/Java folder.

    ReplyDelete

  17. Thanks a lot, It saved me a lot!!!

    ReplyDelete

  18. Do I put this at the beginning of my encryption code?

    ReplyDelete

  19. Hi Suho, I really need your help. Do I need to restart my machine after adding the new JCE Provider for it to take effect?

    ReplyDelete

  20. Thanks, it's helpful.

    ReplyDelete

  21. Awesome.. I have been trying this for 2-3 days. At last, I could run my program.
    Thanks to you!

    ReplyDelete

  27. I am working in a Digital Signing Server Service. I am looking for the Java code for SHA 512 or RSA, an a DB for public key. Is there that code in the Internet????

    See my Blog blog del Ing. Ernesto Ibáñez

    ReplyDelete

  28. I often get emotionally involved. Like when I read your post, I can cry, laugh, sad, funny, depending on your written words. I think you are a sensitive person.
    baixar facebook l baixar whatsapp l baixar whatsapp l baixar facebook

    ReplyDelete

  30. Thank you for sharing such a nice and interesting blog with us. i have seen that all will say the same thing repeatedly. But in your blog, I had a chance to get some useful and unique information. I would like to suggest your blog in my dude circle.
    Java Training in Chennai

    ReplyDelete

  31. It is a great article. You will surely like this also because it is a great stufff


    Facebook Lite

    ReplyDelete

  32. Thanks for sharing this information and this is really useful to me. Keep updating this information.
    Java Training in Chennai | Java Training | Java Course in Chennai

    ReplyDelete

  34. Hello!! I'am glad to read the whole content of this blog and am very excited.Thank you.
    gclub casino
    goldenslot casino
    goldenslot

    ReplyDelete

  36. How to ensure that the Java Cryptography Extension has been installed?

    ReplyDelete

  38. The article you have shared here very awesome. I really like and appreciated your work. I read deeply your article, the points you have mentioned in this article are useful

    lennyfacetext.com

    ReplyDelete

  39. I like your post. It really useful with me. Thanks for sharing these useful information!
    http://happywheels3game.com

    ReplyDelete

  40. I can feel that the articles contained in this blog is so interesting. I also get a variety informasin, thanks. geometry-dash.net

    ReplyDelete

  42. Nice and good article.. it is very useful for me to learn and understand easily.. thanks for sharing your valuable information and time.. please keep updating.

    Java Training in chennai

    ReplyDelete

  43. Thanks for the information you shared. Please share useful information with your friends regularly
    papasgamesonline.com

    ReplyDelete

  44. Thank you for taking the time and sharing this information with us. It was indeed very helpful and insightful while being straight forward and to the point.
    www.mcdonaldsgutscheine.net | www.startlr.com | www.saludlimpia.com

    ReplyDelete

  45. I was very impressed by this post, this site has always been pleasant news. Thank you very much for such an interesting post. Keep working, great job! In my free time, I like play game: facebooklite.com.br. What about you?

    ReplyDelete

  46. Great post,Thanks for providing us this great knowledge,Keep it up.
    run3unblockedgame.com

    ReplyDelete

  47. PROMO MERDEKA !!! Bonus 5-10% utk member setia BolaUtama.net Join Now Bocoran SGPnya Jitu 99% ! Proses Depo & WD Tercepat! 1 ID utk Bola,Togel, Casino,Poker Dll

    Silahkan kunjungi situs : Bolautama.com / Bolautama.net ya Bosku ^^

    http://www.cumiblogger.com/2017/08/bolautamacom-agen-piala-eropa-agen-judi.html
    http://www.jakartaviral.com/2017/08/babak-i-watford-dua-kali-robek-gawang.html
    http://www.cumiseo.com/2017/08/bolautamacom-agen-piala-eropa-agen-judi_12.html
    http://bandartogelasli.logdown.com/posts/2159551
    http://biniorang.logdown.com/posts/2159568
    http://masterjudi.logdown.com/posts/2161666
    http://anitasherly.logdown.com/posts/2161703-liga-inggris
    https://vebby2000.wordpress.com/2017/08/13/tim-yang-harganya-lebih-murah-dari-lukaku-pimpin-klasemen-liga-inggris/
    http://menangbandarq.hatenablog.com/entry/2017/08/13/145156
    http://dewihoki.hatenablog.com/entry/2017/08/13/144018
    http://rajahoki.hatenablog.com/entry/2017/08/13/145946

    Liga Inggris
    Agen Judi Bola































    ReplyDelete

  48. Alot of blogs I see these days don't really provide anything that I'm interested in, but I'm most definately interested in this one. Just thought that I would post and let you know. Nice! thank you so much! Thank you for sharing.
    b612az.com

    ReplyDelete

  50. Thank you very much for the information you shared, it’s all I’ve been looking for
    www.happywheels-2.com

    ReplyDelete

  51. Thank you, so Much admin have a nice day :) you information about weight loss is very easy and simple.
    pocafashion

    ReplyDelete

  52. I am looking for my memories through the stories, the narrative of people. I feel it is difficult but I will try.
    povaup

    ReplyDelete

  53. I appreciate you and hopping for some more informative posts. thanks for share
    run3.run

    ReplyDelete

  54. I have read your article, the information you give is very interesting.
    pocatravel

    ReplyDelete

  55. Your article is very interesting. I think this article has a lot of information needed, looking forward to your new posts. Get permission to share:
    returnman3game.com

    ReplyDelete

  56. I understand what you bring it very meaningful and useful, thanks.
    instagram viewer images

    ReplyDelete

  57. Your post is interesting. Hope you have more useful posts like this
    vex3.games

    ReplyDelete

  58. Somebody who need windows key click: www.vanskeys.com to got. here i got a working key on my windows about activator. and after i used my windows works properly. hope it help you.

    ReplyDelete

Subscribe to: Post Comments (Atom)