SecurityException Even After Replacing Crypto Policy Jars

Question

I set up a project using some of the Jasypt encryption libraries, and when the code tries to execute, the first encrypt operation throws in following errors.

Caused by: java.lang.SecurityException: The jurisdiction policy files are not signed by a        trusted signer!
at javax.crypto.JarVerifier.verifyPolicySigned(JarVerifier.java:289)
at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:316)
at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:261)
at javax.crypto.JceSecurity.access$000(JceSecurity.java:48)
at javax.crypto.JceSecurity$1.run(JceSecurity.java:78)
at java.security.AccessController.doPrivileged(Native Method)
at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:76)
... 9 more

After researching for a while, it seemed obvious I just had to replace my JCE crypto policy files. I downloaded the jce7 zip from this link: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

I unzipped that file and copied the two jars to C:\Program Files (x86)\Java\jre7\lib\security

There is also a jre6 directory on the same level as the jre7 one I just mentioned. I also tried copying the same policy files to the jre6 directory as well after my first attempt didn't work. I've also tried copying the jre6 specific jars to that directory with no luck.

edit: I am running Java 1.7.0_40

Any help would be greatly appreciated. Thanks!

Answer 1

The two policy files go into the "jre7/lib/security" folder as the README.txt file instructs, overwriting the existing files, and not into the "jre7" root folder. Also note that you have to use the correct files that match your JRE – the Java 7 policy files probably won't work in Java 6 and vice versa.

Also see this question: How to avoid installing "Unlimited Strength" JCE policy files when deploying an application?