
I have made a Java application that uses the PBKDF2WithHmacSHA1 encryption algorithm and I was required to download the Unlimited JCE Policy jar. I put both of the JAR files where they are supposed to be (I put them in the JRE security folder of my JDK), named correctly, and so it works in Eclipse.

When I export it, however, it only works when I run the JAR file from the command line. I have done some debugging, and when I double-click the executable/runnable JAR it fails in the encryption/decryption methods, as they throw Exceptions.

So, if anybody can tell me why this is and, moreover, how to solve the issue, I would be grateful, as this is very important!

Thanks in advance

Andy
  • If you have more than one version of the JRE installed (older or 32 bits vs 64 bits for example), double clicking on the JAR might call a different version that does not have the unlimited JCE files? – assylias Apr 28 '12 at 19:40
  • Okay, so is there a way to stop this from happening? I need to distribute this application to other people's computers and I don't want to rely on other people having the unlimited JCE policy. Can I include it somehow? – Andy Apr 28 '12 at 19:51
  • I don't know, maybe those 2 questions can help: http://stackoverflow.com/questions/1179672/unlimited-strength-jce-policy-files and http://stackoverflow.com/questions/9331867/programmatically-discover-java-unlimited-encryption – assylias Apr 28 '12 at 20:00
  • Thanks for those links, but they don't offer a solution to my problem really. As a temporary compromise I am just going to use 128 bit encryption which is available with standard Java. However, I do really need a true solution as soon as possible. – Andy Apr 29 '12 at 15:50

1 Answer


Ok, so it looks like the only way to distribute the unlimited JCE policy is to unpack the required .jars and overwrite the existing ones on users' computers, either during installation or upon first run of the application. But even that appears to be a hit or miss process.

The alternative route that a lot of people seem to be taking is using APIs such as BouncyCastle which supports higher levels of encryption and can be freely and easily distributed, even with commercial applications.

I imagine that Oracle made it this way because of restrictions previously imposed of certain countries that now seem to have been lifted. I might be wrong, but I have nevertheless heard that Java is working on a better implementation to solve this problem!

Andy
  • As you figured, neither of those approaches is ideal. Here's a third option: http://stackoverflow.com/questions/1179672/unlimited-strength-jce-policy-files/22492582#22492582 – ntoskrnl Mar 18 '14 at 23:01
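
A diagnostic for the situation discussed in this thread, added here as an example and not code from any of the posters: it reports which JRE actually launched the JAR and whether that JRE's policy permits AES keys longer than 128 bits. The class name `JcePolicyCheck`, the password and the all-zero salt/IV are constructed for the check only; because a double-clicked JAR has no console, the result is shown in a dialog in that case.

```java
import java.awt.GraphicsEnvironment;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.swing.JOptionPane;

// Added diagnostic (hypothetical class name, not from the original posts).
public class JcePolicyCheck {

    static String report() {
        StringBuilder sb = new StringBuilder();
        // Which runtime is really executing this JAR (command line vs. double-click)?
        sb.append("java.home    = ").append(System.getProperty("java.home")).append('\n');
        sb.append("java.version = ").append(System.getProperty("java.version")).append('\n');
        sb.append("os.arch      = ").append(System.getProperty("os.arch")).append('\n');
        try {
            // 128 under the limited policy, Integer.MAX_VALUE when unlimited.
            sb.append("max AES key  = ").append(Cipher.getMaxAllowedKeyLength("AES")).append(" bits\n");

            // Constructed inputs; a fixed salt and IV are used only because
            // nothing is actually being protected by this check.
            char[] password = "constructed-sample-password".toCharArray();
            PBEKeySpec spec = new PBEKeySpec(password, new byte[16], 10000, 256);
            byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                    .generateSecret(spec).getEncoded();

            // Deriving the key succeeds either way; initialising the cipher
            // with a 256-bit key is the step the policy files restrict.
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(new byte[16]));
            sb.append("AES-256 init = OK\n");
        } catch (GeneralSecurityException e) {
            // InvalidKeyException ("Illegal key size") is the limited-policy symptom.
            sb.append("AES-256 init = FAILED: ").append(e).append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String text = report();
        if (System.console() != null || GraphicsEnvironment.isHeadless()) {
            System.out.print(text);
        } else {
            JOptionPane.showMessageDialog(null, text); // no console when double-clicked
        }
    }
}
```

Export it as a runnable JAR and start it both ways: if `java.home` differs between the command-line run and the double-click run, the policy files were installed into only one of the two runtimes.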