0

How to check the minor/update version version through shell script.

For example my current output of command 

$ java -version
java version "1.8.0_171"

I am using 256 AES which requires java update > 161. I want to test the minor version, how to do it.

Avinash Sahu
  • 249
  • 3
  • 19
  • 1
    What do you mean? In my opinion it makes no sense testing the minor version without checking the major version, or am I missing something? – Dominique Aug 08 '18 at 11:57
  • AES 256 is available in all Java versions since at least Java 1.4.2. The only difference is that in Java versions before Java 8 update 161 you need to enable or install the unlimited strength cryptography policy for AES to work with keys > 128, since Java 8 update 161 it is enabled by default. See also https://stackoverflow.com/questions/3862800/invalidkeyexception-illegal-key-size/3864276#3864276 Note that even with higher Java versions AES 256 might not work because the policy could have been explicitly **disabled**. – Mark Rotteveel Aug 08 '18 at 12:26
  • @MarkRotteveel Indeed. Inside java.security file, there are rules that specify the cryptography policies. For example for JDK1.8.0_172, if crypto.policy property set to unlimited, then policy jars at unlimited directory will be used or vice versa. This given by, no policy jars present at legacy location. However if policy jars exist at legacy location and crypto.policy is not set, then legacy location jars will be used instead. Finally, if jar files not present at legacy location and crypto.policy is not set(commented), then unlimited setting will be used. – Awan Biru Aug 09 '18 at 07:50
  • 1
    @AwanBiru I'm well aware of that, see the answer I linked to; I wrote that answer and it has all those details. – Mark Rotteveel Aug 09 '18 at 07:51
  • @Dominique You are right. I need to check minor as well as major version. Currently I do check for major version i.e. 1.8. As you are aware that in JDK 1.8 before the 161 update the the key length was limited to 128 bit. The question I asked was more of shell scripting question. Nonetheless, thanks for your insight. – Avinash Sahu Aug 09 '18 at 09:22

1 Answers1

2

If you insist, you may follow this discussion of getting major and minor version of Java and prints it at console.

Regards to AES 256, by default Java version 1.8.0_171 already supports key size > 128 as default. Below are excerpt of <JAVA_HOME>/jre/lib/security/java.securityfile:-

# Cryptographic Jurisdiction Policy defaults
#
# Import and export control rules on cryptographic software vary from
# country to country.  By default, the JDK provides two different sets  of
# cryptographic policy files:
#
#     unlimited:  These policy files contain no restrictions on cryptographic
#                 strengths or algorithms.
#
#     limited:    These policy files contain more restricted cryptographic
#                 strengths, and are still available if your country or
#                 usage requires the traditional restrictive policy.
#
# The JDK JCE framework uses the unlimited policy files by default.
# However the user may explicitly choose a set either by defining the
# "crypto.policy" Security property or by installing valid JCE policy
# jar files into the traditional JDK installation location.  To better
# support older JDK Update releases, the "crypto.policy" property is not
# defined by default.  See below for more information.

To test TLS connectivity with 256 cipher key strength, you may use SSLPoke program. Compile this program with javac and run as below:-

$java -Djavax.net.debug=all SSLPoke microsoft.com 443 | grep 'Cipher Suite: TLS'

If SSL handshake and connection is successful, then cipher suite with key size > 128 will be printed at console.

Awan Biru
  • 373
  • 2
  • 10
  • Thanks Awan for pointer. The sample output was for example. I just need check before starting my application that JDK 1.8 minor version is greater than 161. 256 bit encryption was enabled in the update http://www.oracle.com/technetwork/java/javase/2col/8u161-bugfixes-4021380.html – Avinash Sahu Aug 08 '18 at 12:32
  • Glad to hear it helps. – Awan Biru Aug 09 '18 at 07:15