My java application I'm testing requires an unlimited strength encryption policy to run properly and I need a way to check if its installed on my machine.
This page provides a lot of ways to check using a java program but no way to do it natively on a windows machine. Checking if Unlimited Cryptography is available
Is there a way to check the policy file on a Windows machine without compiling a small java program and running the program through a batch file?
A JAR archive can be unzipped and the actual policy files are text readable, so you can evaluate the actual policies themselves (or compare against a known hash as Abhishek recommended above).
Example (unrestricted) default_local.policy:
$ more default_local.policy
// Country-specific policy file for countries with no limits on crypto strength.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};
Example (restricted) default_local.policy:
$ more default_local.policy
// Some countries have import limits on crypto strength. This policy file
// is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", "javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;
};
The export restrictions are unlikely to change moving forward because of the current state of the EAR rules, so you'd be pretty safe just doing a grep for CryptoAllPermission vs. *, 128;.
