Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Installing JCE With an Unlimited Strength Jurisdiction Policy

DZone's Guide to

Installing JCE With an Unlimited Strength Jurisdiction Policy

Learn how to quickly and easily install these security files and keep your Java SE-based software safe and secure - as well as how to do it for Mule.

· Security Zone
Free Resource

Discover an in-depth knowledge about the different kinds of iOS hacking tools and techniques with the free iOS Hacking Guide from Security Innovation.

In this article, I'd like to describe how to over come the "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error message when invoking secured services

These "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error messages usually occur when we try to invoke web services in a secured manner and your JVM is not provisioned for Java unlimited security jurisdiction.

To provision for the Java unlimited security jurisdiction we have to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.

How to Install JCE:

Windows -

  1. Go to the Oracle Java SE download page.
  2. Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File."
  3. Download the version that matches your installed JVM for example  UnlimitedJCEPolicyJDK7.zip
  4. Unzip the downloaded zip.
  5. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them).
  6. Then restart your application to get rid of this exception.

Linux/Unix - 

  1. Go to the Oracle Java SE download page.
  2. Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File."
  3. Download the version that matches your installed JVM, for example,  UnlimitedJCEPolicyJDK7.zip.
  4. Unzip the downloaded zip.
  5. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them).
# cd /usr/lib/jvm/java-1.7.0-oracle-1.7.0.51.x86_64/jre/lib/security
# cp /tmp/UnlimitedJCEPolicyJDK7.zip .
# ls -lhart
drwxrwxr-x.  2 root root 4.0K May 31  2011 UnlimitedJCEPolicy
-rw-r--r--.  1 root root  18K Dec 19  2013 java.security
-rw-r--r--.  1 root root 2.6K Dec 19  2013 java.policy
-rw-r--r--.  1 root root  81K Dec 19  2013 cacerts
-rw-r--r--.  1 root root 2.8K Dec 19  2013 blacklist
lrwxrwxrwx.  1 root root   58 Jul 17 14:15 US_export_policy.jar -> /etc/alternatives/jce_1.7.0_oracle_us_export_policy.x86_64
lrwxrwxrwx.  1 root root   54 Jul 17 14:15 local_policy.jar -> /etc/alternatives/jce_1.7.0_oracle_local_policy.x86_64
drwxr-xr-x. 17 root root 4.0K Nov  5 03:07 ..
-rw-r--r--.  1 root root 7.3K Dec 30 13:27 UnlimitedJCEPolicyJDK7.zip
drwxr-xr-x.  3 root root 4.0K Dec 30 13:28 .
# rm local_policy.jar
# rm US_export_policy.jar
# unzip UnlimitedJCEPolicyJDK7.zip # cp UnlimitedJCEPolicy/US_export_policy.jar . # cp UnlimitedJCEPolicy/local_policy.jar .


In Mule, if you are unable to connect from Mule Management Console to the on-Prem Mule Runtime or API Gateway servers then you have to install the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.

Learn about the importance of a strong culture of cybersecurity, and examine key activities for building – or improving – that culture within your organization.

Topics:
mulesoft ,security ,java security

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}