How to Install the Unlimited JCE Policy in the JDK and Check if JCE is Enabled

AtScale bundles the Oracle JDK within the shared folder of an install.  Oracle does not include the unlimited JCE as the OpenJDK versions do.  It may be necessary to install the unlimited JCE in the AtScale-provided JDK or the system JDK being used to run AtScale.

The first step is downloading the Unlimited JCE files from Oracle.  This should be in the form of a .zip archive.  The archive should contain a US_export_policy.jar and a local_policy.jar.  These files should replace the ones in your JDK or the AtScale JDK.  Below is an example output of the location for the AtScale JDK, which shows the files replaced (RENAMED WITH .IGNORE)

atscale@vm-cluster-node3:/opt/atscale/versions/2020.3.1.2003/pkg/jdk1.8.0_181/jre/lib/security/ $ ls -ltrh
total 176K
-rw-r--r-- 1 atscaler atscaler    0 Aug 12 03:12 trusted.libraries
-rw-r--r-- 1 atscaler atscaler   98 Aug 12 03:12 javaws.policy
-rw-r--r-- 1 atscaler atscaler  41K Aug 12 03:12 java.security
-rw-r--r-- 1 atscaler atscaler 2.5K Aug 12 03:12 java.policy
-rw-r--r-- 1 atscaler atscaler 113K Aug 12 03:12 cacerts
-rw-r--r-- 1 atscaler atscaler 1.3K Aug 12 03:12 blacklisted.certs
-rw-r--r-- 1 atscaler atscaler 4.0K Aug 12 03:12 blacklist
drwxr-xr-x 4 atscaler atscaler   38 Aug 12 03:18 policy

Once this is completed, a check can be done to see if the unlimited policy exists.  This must be done in the location of jrunscript as in the below example. It will return true if it has been applied correctly.

atscale@vm-cluster-node3:/opt/atscale/versions/2020.3.1.2003/pkg/jdk1.8.0_181/bin/$ ./jrunscript -e 'print (javax.crypto.Cipher.getMaxAllowedKeyLength("RC5") >= 256);'

true

Was this article helpful?

0 out of 0 found this helpful