|
|
|
Java(TM) Cryptography Extension Policy Files |
|
for the Java(TM) Platform, Standard Edition Runtime Environment |
|
|
|
README |
|
------------------------------------------------------------------------ |
|
|
|
Import and export control rules on cryptographic software vary from |
|
country to country. The Java Cryptography Extension (JCE) architecture |
|
allows flexible cryptographic key strength to be configured via the |
|
jurisdiction policy files which are referenced by the "crypto.policy" |
|
security property in the <java-home>/conf/security/java.security file. |
|
|
|
By default, Java provides two different sets of cryptographic policy |
|
files: |
|
|
|
unlimited: These policy files contain no restrictions on cryptographic |
|
strengths or algorithms |
|
|
|
limited: These policy files contain more restricted cryptographic |
|
strengths |
|
|
|
These files reside in <java-home>/conf/security/policy in the "unlimited" |
|
or "limited" subdirectories respectively. |
|
|
|
Each subdirectory contains a complete policy configuration, |
|
and subdirectories can be added/edited/removed to reflect your |
|
import or export control product requirements. |
|
|
|
Within a subdirectory, the effective policy is the combined minimum |
|
permissions of the grant statements in the file(s) matching the filename |
|
pattern "default_*.policy". At least one grant is required. For example: |
|
|
|
limited = Export (all) + Import (limited) = Limited |
|
unlimited = Export (all) + Import (all) = Unlimited |
|
|
|
The effective exemption policy is the combined minimum permissions |
|
of the grant statements in the file(s) matching the filename pattern |
|
"exempt_*.policy". Exemption grants are optional. For example: |
|
|
|
limited = grants exemption permissions, by which the |
|
effective policy can be circumvented. |
|
e.g. KeyRecovery/KeyEscrow/KeyWeakening. |
|
|
|
Please see the Java Cryptography Architecture (JCA) documentation for |
|
additional information on these files and formats. |
|
|
|
YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY |
|
TO DETERMINE THE EXACT REQUIREMENTS. |
|
|
|
Please note that the JCE for Java SE, including the JCE framework, |
|
cryptographic policy files, and standard JCE providers provided with |
|
the Java SE, have been reviewed and approved for export as mass market |
|
encryption item by the US Bureau of Industry and Security. |
|
|