| |
| Java(TM) Cryptography Extension Policy Files |
| for the Java(TM) Platform, Standard Edition Runtime Environment |
| |
| README |
| ------------------------------------------------------------------------ |
| |
| Import and export control rules on cryptographic software vary from |
| country to country. The Java Cryptography Extension (JCE) architecture |
| allows flexible cryptographic key strength to be configured via the |
| jurisdiction policy files which are referenced by the “crypto.policy” |
| security property in the <java-home>/conf/security/java.security file. |
| |
| By default, Java provides two different sets of cryptographic policy |
| files: |
| |
| unlimited: These policy files contain no restrictions on cryptographic |
| strengths or algorithms |
| |
| limited: These policy files contain more restricted cryptographic |
| strengths |
| |
| These files reside in <java-home>/conf/security/policy in the “unlimited” |
| or “limited” subdirectories respectively. |
| |
| Each subdirectory contains a complete policy configuration, |
| and subdirectories can be added/edited/removed to reflect your |
| import or export control product requirements. |
| |
| Within a subdirectory, the effective policy is the combined minimum |
| permissions of the grant statements in the file(s) matching the filename |
| pattern "default_*.policy". At least one grant is required. For example: |
| |
| limited = Export (all) + Import (limited) = Limited |
| unlimited = Export (all) + Import (all) = Unlimited |
| |
| The effective exemption policy is the combined minimum permissions |
| of the grant statements in the file(s) matching the filename pattern |
| "exempt_*.policy". Exemption grants are optional. For example: |
| |
| limited = grants exemption permissions, by which the |
| effective policy can be circumvented. |
| e.g. KeyRecovery/KeyEscrow/KeyWeakening. |
| |
| Please see the Java Cryptography Architecture (JCA) documentation for |
| additional information on these files and formats. |
| |
| YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY |
| TO DETERMINE THE EXACT REQUIREMENTS. |
| |
| Please note that the JCE for Java SE, including the JCE framework, |
| cryptographic policy files, and standard JCE providers provided with |
| the Java SE, have been reviewed and approved for export as mass market |
| encryption item by the US Bureau of Industry and Security. |