55 lines
2.3 KiB
Plaintext
55 lines
2.3 KiB
Plaintext
|
|
Java(TM) Cryptography Extension Policy Files
|
|
for the Java(TM) Platform, Standard Edition Runtime Environment
|
|
|
|
README
|
|
------------------------------------------------------------------------
|
|
|
|
Import and export control rules on cryptographic software vary from
|
|
country to country. The Java Cryptography Extension (JCE) architecture
|
|
allows flexible cryptographic key strength to be configured via the
|
|
jurisdiction policy files which are referenced by the "crypto.policy"
|
|
security property in the <java-home>/conf/security/java.security file.
|
|
|
|
By default, Java provides two different sets of cryptographic policy
|
|
files:
|
|
|
|
unlimited: These policy files contain no restrictions on cryptographic
|
|
strengths or algorithms
|
|
|
|
limited: These policy files contain more restricted cryptographic
|
|
strengths
|
|
|
|
These files reside in <java-home>/conf/security/policy in the "unlimited"
|
|
or "limited" subdirectories respectively.
|
|
|
|
Each subdirectory contains a complete policy configuration,
|
|
and subdirectories can be added/edited/removed to reflect your
|
|
import or export control product requirements.
|
|
|
|
Within a subdirectory, the effective policy is the combined minimum
|
|
permissions of the grant statements in the file(s) matching the filename
|
|
pattern "default_*.policy". At least one grant is required. For example:
|
|
|
|
limited = Export (all) + Import (limited) = Limited
|
|
unlimited = Export (all) + Import (all) = Unlimited
|
|
|
|
The effective exemption policy is the combined minimum permissions
|
|
of the grant statements in the file(s) matching the filename pattern
|
|
"exempt_*.policy". Exemption grants are optional. For example:
|
|
|
|
limited = grants exemption permissions, by which the
|
|
effective policy can be circumvented.
|
|
e.g. KeyRecovery/KeyEscrow/KeyWeakening.
|
|
|
|
Please see the Java Cryptography Architecture (JCA) documentation for
|
|
additional information on these files and formats.
|
|
|
|
YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
|
|
TO DETERMINE THE EXACT REQUIREMENTS.
|
|
|
|
Please note that the JCE for Java SE, including the JCE framework,
|
|
cryptographic policy files, and standard JCE providers provided with
|
|
the Java SE, have been reviewed and approved for export as mass market
|
|
encryption item by the US Bureau of Industry and Security.
|