17

Possible Duplicate:
Check for JCE Unlimited Strength Jurisdiction Policy files

I'm working on a project where I need to install the "Java Cryptography Extension" (JCE), which I think I've done. I followed the instructions here:

http://suhothayan.blogspot.com/2012/05/how-to-install-java-cryptography.html

Is there any way to verify that I've installed it correctly - some of the tests that I am running indicate that it's not.

Turns out my question is a duplicate of the following, and the accepted solution works perfectly:

Check for JCE Unlimited Strength Jurisdiction Policy files

Community
  • 1
  • 1
Nathan
  • 1,396
  • 3
  • 18
  • 32
  • this is perfect, thanks. Do you want to add this as an answer so I can accept officially? – Nathan Nov 05 '12 at 18:58
  • @Nathan A reference to a dupe isn't really a valid answer. If the duplicate solves your problem, this question should be closed and merged with the original. – millimoose Nov 05 '12 at 19:12
  • @millimoose is there a way to do that? I'm a bit new to posting questions on stackoverflow – Nathan Nov 05 '12 at 19:16
  • @Nathan The closing happens automatically when 5 people vote to close the question. (This can only be done if you have enough rep, otherwise you can only flag a question for moderator review.) A moderator can also do this, as well as the merge. – millimoose Nov 05 '12 at 19:21
  • assylias left the answer I needed in the comments - this is a dupe that was answered here: http://stackoverflow.com/questions/11538746/check-for-jce-unlimited-strength-jurisdiction-policy-files – Nathan Nov 05 '12 at 19:01

2 Answers2

14

Here is a more modern Java implementation

import java.security.Provider;
import java.security.Security;
import java.util.Arrays;

public class ShowCryptoProviders
{
    private static final String EOL = System.getProperty("line.separator");

    public static void main(final String[] args)
    {
        final Provider[] providers = Security.getProviders();
        final Boolean verbose = Arrays.asList(args).contains("-v");
        for (final Provider p : providers)
        {
            System.out.format("%s %s%s", p.getName(), p.getVersion(), EOL);
            for (final Object o : p.keySet())
            {
                if (verbose)
                {
                    System.out.format("\t%s : %s%s", o, p.getProperty((String)o), EOL);
                }
            }
        }
    }
}

I can't imagine that something in here can't tell you what you need to know. If it doesn't just test for "Unlimited Strength" by checking the Cypher.getMaxAllowedKeyLength() it should return a very large number well above 128.

Use -v ( verbose ) to get the following output.

SunJCE 1.7
    Cipher.Blowfish SupportedKeyFormats : RAW
        AlgorithmParameters.DESede : com.sun.crypto.provider.DESedeParameters
        AlgorithmParameters.DES : com.sun.crypto.provider.DESParameters
        Cipher.DES SupportedPaddings : NOPADDING|PKCS5PADDING|ISO10126PADDING
        AlgorithmParameters.Blowfish : com.sun.crypto.provider.BlowfishParameters
        Cipher.DESedeWrap SupportedKeyFormats : RAW
        Alg.Alias.KeyAgreement.1.2.840.113549.1.3.1 : DiffieHellman
        AlgorithmParameterGenerator.DiffieHellman : com.sun.crypto.provider.DHParameterGenerator
        Cipher.RSA SupportedPaddings : NOPADDING|PKCS1PADDING|OAEPWITHMD5ANDMGF1PADDING|OAEPWITHSHA1ANDMGF1PADDING|OAEPWITHSHA-1ANDMGF1PADDING|OAEPWITHSHA-256ANDMGF1PADDING|OAEPWITHSHA-384ANDMGF1PADDING|OAEPWITHSHA-512ANDMGF1PADDING
        Alg.Alias.Cipher.TripleDES : DESede
        Cipher.ARCFOUR SupportedModes : ECB
        Mac.SslMacSHA1 SupportedKeyFormats : RAW
        KeyGenerator.DES : com.sun.crypto.provider.DESKeyGenerator
        Provider.id version : 1.7
        KeyGenerator.DESede : com.sun.crypto.provider.DESedeKeyGenerator
        Alg.Alias.SecretKeyFactory.PBE : PBEWithMD5AndDES
        Alg.Alias.KeyFactory.1.2.840.113549.1.3.1 : DiffieHellman
        Mac.HmacSHA1 : com.sun.crypto.provider.HmacSHA1
        Cipher.PBEWithMD5AndDES : com.sun.crypto.provider.PBEWithMD5AndDESCipher
        Cipher.AES SupportedModes : ECB|CBC|PCBC|CTR|CTS|CFB|OFB|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128
        Cipher.AESWrap SupportedModes : ECB
        SecretKeyFactory.DESede : com.sun.crypto.provider.DESedeKeyFactory
        KeyGenerator.SunTlsKeyMaterial : com.sun.crypto.provider.TlsKeyMaterialGenerator
        AlgorithmParameters.OAEP : com.sun.crypto.provider.OAEPParameters
        Cipher.AES SupportedKeyFormats : RAW
        AlgorithmParameters.RC2 : com.sun.crypto.provider.RC2Parameters
        AlgorithmParameters.PBE : com.sun.crypto.provider.PBEParameters
        Alg.Alias.KeyPairGenerator.DH : DiffieHellman
        Alg.Alias.KeyAgreement.OID.1.2.840.113549.1.3.1 : DiffieHellman
        Cipher.AES : com.sun.crypto.provider.AESCipher
        KeyGenerator.RC2 : com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator
        Mac.HmacSHA512 : com.sun.crypto.provider.HmacCore$HmacSHA512
        Provider.id info : SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
        Cipher.AES SupportedPaddings : NOPADDING|PKCS5PADDING|ISO10126PADDING
        Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.12.1.6 : PBEWithSHA1AndRC2_40
        Cipher.Blowfish SupportedPaddings : NOPADDING|PKCS5PADDING|ISO10126PADDING
        Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.12.1.3 : PBEWithSHA1AndDESede
        Alg.Alias.KeyGenerator.SunTls12KeyMaterial : SunTlsKeyMaterial
        KeyStore.JCEKS : com.sun.crypto.provider.JceKeyStore
        Cipher.Blowfish SupportedModes : ECB|CBC|PCBC|CTR|CTS|CFB|OFB|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64
        Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.12 : PBKDF2WithHmacSHA1
        Mac.HmacSHA384 SupportedKeyFormats : RAW
        Cipher.DESedeWrap : com.sun.crypto.provider.DESedeWrapCipher
        Cipher.ARCFOUR SupportedPaddings : NOPADDING
        Alg.Alias.KeyPairGenerator.1.2.840.113549.1.3.1 : DiffieHellman
        Cipher.PBEWithMD5AndTripleDES : com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher
        Alg.Alias.Cipher.1.2.840.113549.1.12.1.6 : PBEWithSHA1AndRC2_40
        Alg.Alias.Cipher.1.2.840.113549.1.12.1.3 : PBEWithSHA1AndDESede
        Mac.HmacSHA256 SupportedKeyFormats : RAW
        Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret : SunTlsRsaPremasterSecret
        Alg.Alias.AlgorithmParameterGenerator.1.2.840.113549.1.3.1 : DiffieHellman
        Cipher.PBEWithSHA1AndDESede : com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede
        Alg.Alias.KeyGenerator.SunTls12MasterSecret : SunTlsMasterSecret
        SecretKeyFactory.PBEWithMD5AndDES : com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES
        KeyPairGenerator.DiffieHellman : com.sun.crypto.provider.DHKeyPairGenerator
        Cipher.RC2 SupportedModes : ECB|CBC|PCBC|CTR|CTS|CFB|OFB|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64
        Alg.Alias.AlgorithmParameters.Rijndael : AES
        KeyAgreement.DiffieHellman SupportedKeyClasses : javax.crypto.interfaces.DHPublicKey|javax.crypto.interfaces.DHPrivateKey
        Mac.HmacMD5 SupportedKeyFormats : RAW
        KeyGenerator.SunTlsRsaPremasterSecret : com.sun.crypto.provider.TlsRsaPremasterSecretGenerator
        Cipher.AESWrap SupportedKeyFormats : RAW
        SecretKeyFactory.DES : com.sun.crypto.provider.DESKeyFactory
        Cipher.AESWrap SupportedPaddings : NOPADDING
        Provider.id name : SunJCE
        KeyGenerator.HmacSHA512 : com.sun.crypto.provider.KeyGeneratorCore$HmacSHA512KG
        Mac.HmacSHA256 : com.sun.crypto.provider.HmacCore$HmacSHA256
        Cipher.ARCFOUR SupportedKeyFormats : RAW
        Cipher.DES SupportedModes : ECB|CBC|PCBC|CTR|CTS|CFB|OFB|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64
        Cipher.RSA SupportedKeyClasses : java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
        SecretKeyFactory.PBEWithMD5AndTripleDES : com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES
        Cipher.PBEWithSHA1AndRC2_40 : com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40
        AlgorithmParameters.DiffieHellman : com.sun.crypto.provider.DHParameters
        Mac.HmacMD5 : com.sun.crypto.provider.HmacMD5
        Cipher.RSA : com.sun.crypto.provider.RSACipher
        Mac.SslMacMD5 : com.sun.crypto.provider.SslMacCore$SslMacMD5
        Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.5.3 : PBEWithMD5AndDES
        Cipher.DESede SupportedPaddings : NOPADDING|PKCS5PADDING|ISO10126PADDING
        Alg.Alias.AlgorithmParameterGenerator.OID.1.2.840.113549.1.3.1 : DiffieHellman
        Cipher.DESede : com.sun.crypto.provider.DESedeCipher
        Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.3.1 : DiffieHellman
        Alg.Alias.AlgorithmParameters.1.2.840.113549.1.5.3 : PBEWithMD5AndDES
        Mac.HmacSHA512 SupportedKeyFormats : RAW
        Mac.HmacPBESHA1 SupportedKeyFormats : RAW
        Alg.Alias.AlgorithmParameterGenerator.DH : DiffieHellman
        Cipher.DESedeWrap SupportedPaddings : NOPADDING
        Alg.Alias.SecretKeyFactory.OID.1.2.840.113549.1.5.12 : PBKDF2WithHmacSHA1
        Alg.Alias.AlgorithmParameters.1.2.840.113549.1.3.1 : DiffieHellman
        Mac.HmacPBESHA1 : com.sun.crypto.provider.HmacPKCS12PBESHA1
        Cipher.DES SupportedKeyFormats : RAW
        AlgorithmParameters.PBEWithMD5AndTripleDES : com.sun.crypto.provider.PBEParameters
        Cipher.DESedeWrap SupportedModes : CBC
        Alg.Alias.KeyFactory.OID.1.2.840.113549.1.3.1 : DiffieHellman
        Alg.Alias.Cipher.OID.1.2.840.113549.1.5.3 : PBEWithMD5AndDES
        AlgorithmParameters.AES : com.sun.crypto.provider.AESParameters
        Alg.Alias.AlgorithmParameters.TripleDES : DESede
        Alg.Alias.SecretKeyFactory.TripleDES : DESede
        KeyGenerator.HmacSHA256 : com.sun.crypto.provider.KeyGeneratorCore$HmacSHA256KG
        Alg.Alias.KeyGenerator.TripleDES : DESede
        Alg.Alias.AlgorithmParameters.DH : DiffieHellman
        KeyGenerator.AES : com.sun.crypto.provider.AESKeyGenerator
        Cipher.RC2 SupportedPaddings : NOPADDING|PKCS5PADDING|ISO10126PADDING
        Alg.Alias.Cipher.RC4 : ARCFOUR
        Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.3.1 : DiffieHellman
        Mac.HmacSHA384 : com.sun.crypto.provider.HmacCore$HmacSHA384
        SecretKeyFactory.PBKDF2WithHmacSHA1 : com.sun.crypto.provider.PBKDF2HmacSHA1Factory
        Provider.id className : com.sun.crypto.provider.SunJCE
        Cipher.DES : com.sun.crypto.provider.DESCipher
        Cipher.Blowfish : com.sun.crypto.provider.BlowfishCipher
        KeyGenerator.SunTlsMasterSecret : com.sun.crypto.provider.TlsMasterSecretGenerator
        KeyGenerator.HmacSHA1 : com.sun.crypto.provider.HmacSHA1KeyGenerator
        Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.3 : PBEWithMD5AndDES
        KeyGenerator.SunTlsPrf : com.sun.crypto.provider.TlsPrfGenerator$V10
        SecretKeyFactory.PBEWithSHA1AndDESede : com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede
        KeyGenerator.ARCFOUR : com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator
        Alg.Alias.KeyAgreement.DH : DiffieHellman
        Alg.Alias.KeyGenerator.Rijndael : AES
        AlgorithmParameters.PBEWithSHA1AndDESede : com.sun.crypto.provider.PBEParameters
        Alg.Alias.KeyGenerator.RC4 : ARCFOUR
        Alg.Alias.Cipher.OID.1.2.840.113549.1.12.1.6 : PBEWithSHA1AndRC2_40
        Alg.Alias.Cipher.OID.1.2.840.113549.1.12.1.3 : PBEWithSHA1AndDESede
        Mac.SslMacMD5 SupportedKeyFormats : RAW
        Mac.HmacSHA1 SupportedKeyFormats : RAW
        Cipher.DESede SupportedKeyFormats : RAW
        Cipher.RC2 : com.sun.crypto.provider.RC2Cipher
        KeyGenerator.SunTls12Prf : com.sun.crypto.provider.TlsPrfGenerator$V12
        SecretKeyFactory.PBEWithSHA1AndRC2_40 : com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40
        KeyGenerator.HmacMD5 : com.sun.crypto.provider.HmacMD5KeyGenerator
        AlgorithmParameters.PBEWithSHA1AndRC2_40 : com.sun.crypto.provider.PBEParameters
        KeyGenerator.HmacSHA384 : com.sun.crypto.provider.KeyGeneratorCore$HmacSHA384KG
        Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.6 : PBEWithSHA1AndRC2_40
        KeyFactory.DiffieHellman : com.sun.crypto.provider.DHKeyFactory
        Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3 : PBEWithSHA1AndDESede
        AlgorithmParameters.PBEWithMD5AndDES : com.sun.crypto.provider.PBEParameters
        Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6 : PBEWithSHA1AndRC2_40
        Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.3 : PBEWithSHA1AndDESede
        Cipher.AESWrap : com.sun.crypto.provider.AESWrapCipher
        Alg.Alias.SecretKeyFactory.OID.1.2.840.113549.1.5.3 : PBEWithMD5AndDES
        Alg.Alias.Cipher.Rijndael : AES
        Cipher.RSA SupportedModes : ECB
        Cipher.DESede SupportedModes : ECB|CBC|PCBC|CTR|CTS|CFB|OFB|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64
        Alg.Alias.SecretKeyFactory.OID.1.2.840.113549.1.12.1.6 : PBEWithSHA1AndRC2_40
        Alg.Alias.SecretKeyFactory.OID.1.2.840.113549.1.12.1.3 : PBEWithSHA1AndDESede
        Cipher.ARCFOUR : com.sun.crypto.provider.ARCFOURCipher
        Alg.Alias.Cipher.1.2.840.113549.1.5.3 : PBEWithMD5AndDES
        Mac.SslMacSHA1 : com.sun.crypto.provider.SslMacCore$SslMacSHA1
        KeyAgreement.DiffieHellman : com.sun.crypto.provider.DHKeyAgreement
        Cipher.RC2 SupportedKeyFormats : RAW
        Alg.Alias.KeyFactory.DH : DiffieHellman
        KeyGenerator.Blowfish : com.sun.crypto.provider.BlowfishKeyGenerator

I believe that checking for a specific keygenerator such as KeyGenerator.HmacSHA512 : com.sun.crypto.provider.KeyGeneratorCore$HmacSHA512KG may tell you the same thing without having to rely on the key length query.

  • mine was writen in 2005... and still works, lol – Frank Nov 05 '12 at 18:56
  • didn't say it didn't work, I just was offering a modern version without all the array access and what not, I do like you used `final` almost everywhere, but not everywhere you could. –  Nov 05 '12 at 18:57
  • yeah seems like the same as Frank's above. I think I'm running into the same problem with this though - it just tells me that JCE is installed, but doesn't tell me whether the "unlimited strength" version of the files are installed over the standard ones. – Nathan Nov 05 '12 at 18:57
  • 1
    +1 for the fresh code... i'll copy it to my lib too. – Frank Nov 05 '12 at 19:06
12

Sure,

Here is a small piece of code:

public static void main(final String[] args) {
        final Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            final String name = providers[i].getName();
            final double version = providers[i].getVersion();
            System.out.println("Provider[" + i + "]:: " + name + " " + version);
            if (args.length > 0) {
                final Iterator it = providers[i].keySet().iterator();
                while (it.hasNext()) {
                    final String element = (String) it.next();
                    if (element.toLowerCase().startsWith(args[0].toLowerCase())
                            || args[0].equals("-all"))
                        System.out.println("\t" + element);
                }
            }
        }
    }

When you run it you will get all installed providers:

These are mine just as example:

Provider[0]:: SUN 1.6
Provider[1]:: Apple 1.0
Provider[2]:: SunRsaSign 1.5
Provider[3]:: SunJSSE 1.6
Provider[4]:: SunJCE 1.6
Provider[5]:: SunJGSS 1.0
Provider[6]:: SunSASL 1.5
Provider[7]:: XMLDSig 1.0
Provider[8]:: SunPCSC 1.6

If you need more, you can activate the inner loop of the code by giving the "-all" argument.

To check your Max key length you can use this:

System.out.println(Cipher.getMaxAllowedKeyLength("AES"));

Without the unlimited strength policy files this results in 128, after they have been installed properly the result is 2147483647.

Frank
  • 16,476
  • 7
  • 38
  • 51
  • Thanks, that worked perfectly! Looks like JCE is installed correctly for me, so back to the drawing board on my error – Nathan Nov 05 '12 at 18:49
  • You can always ask a new Question... – Frank Nov 05 '12 at 18:51
  • actually sorry, I have to un-accept this. =[ It looks like the JCE shows up as installed whether I had installed the extra-strength version or not. I tried a restore of the old standard-strength files but I still get the same output here. – Nathan Nov 05 '12 at 18:54
  • @Frank I don't think this says whether the Unlimited Strength Jurisdiction Policy File is installed or not. – assylias Nov 05 '12 at 19:02
  • 1
    i adapted my answer to satisfy you "new" requirement – Frank Nov 05 '12 at 19:02