Tuesday, May 8, 2012

How to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files


How to over come "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error when invoking secured services

These "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error usually occurs when we try to invoke a web services in a secured manner and your JVM is not provisioned for Java unlimited security jurisdiction.


To provision for the Java unlimited security jurisdiction we have to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.


How to Install JCE

  1. Go to the Oracle Java SE download page http://www.oracle.com/technetwork/java/javase/downloads/index.html
  2. Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File"
  3. Download the version that matches your installed JVM E.g. UnlimitedJCEPolicyJDK7.zip
  4. Unzip the downloaded zip 
  5. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them)
  6. Then restart your application to get rid of this exception.

19 comments:

  1. Another solution ist to execute this:

    try {
    Field field = Class.forName("javax.crypto.JceSecurity").
    getDeclaredField("isRestricted");
    field.setAccessible(true);
    field.set(null, java.lang.Boolean.FALSE);
    } catch (Exception ex) {
    ex.printStackTrace();
    }

    ReplyDelete
    Replies
    1. This is just Great! I was so tired to change them at every java update!

      Delete
    2. I am using java version 1.6.0_35, which doesn't have class javax.crypto.JceSecurity. Any equivalent class in 1.6.0_35 jce.jar?

      Many thanks!

      Delete
    3. Many thanks!! It saves me a tremendous time and releases my stress from completing my task on time!

      Thanks Suho fro creating this blob too!!

      Delete
  2. Hi Suho..

    Thanks you very much.. It helped me :)

    -Sam

    ReplyDelete
  3. Helped! Much thanks.

    ReplyDelete
  4. So the script works and is running, now what?

    ReplyDelete
  5. Hi, I just wanted to check if java 1.7.x supports JCE ? I am trying to install java with jce. Then after installing jdk should I follow the steps you gave me to finish this task ?

    ReplyDelete
  6. Hi. Thank you very much. It worked!

    ReplyDelete
  7. Hi, thanks for the help but I have another question how do I undo or reverse to the previous version of this thing :P

    ReplyDelete
  8. Download from this link

    http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

    ReplyDelete
  9. Hello! This solution is Excellent!! Thank YOU Suhorish!

    ReplyDelete
  10. Excellent Solution!!!
    Thank You Suhorish!

    ReplyDelete
  11. I download JCE file but one thing I could not figure out how to put local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security. Foremost problem is how to find $JAVA_HOME/jre/lib/security. Please help urgent.

    ReplyDelete
  12. Hi Manoj KC. $JAVA_HOME is nothing but the home directory of your jdk.It is the folder where you installed the jdk.most probably it in in C://Program Files/Java folder.

    ReplyDelete