Installing JCE With an Unlimited Strength Jurisdiction Policy

In this article, I'd like to describe how to over come the "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error message when invoking secured services

These "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error messages usually occur when we try to invoke web services in a secured manner and your JVM is not provisioned for Java unlimited security jurisdiction.

To provision for the Java unlimited security jurisdiction we have to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.

How to Install JCE:

Windows -

1. Go to the Oracle Java SE download page.
2. Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File."
3. Download the version that matches your installed JVM for example  UnlimitedJCEPolicyJDK7.zip
4. Unzip the downloaded zip.
5. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them).
6. Then restart your application to get rid of this exception.

Linux/Unix - 

1. Go to the Oracle Java SE download page.
2. Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File."
3. Download the version that matches your installed JVM, for example,  UnlimitedJCEPolicyJDK7.zip.
4. Unzip the downloaded zip.
5. Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them).

# cd /usr/lib/jvm/java-1.7.0-oracle-1.7.0.51.x86_64/jre/lib/security

# cp /tmp/UnlimitedJCEPolicyJDK7.zip .

# ls -lhart

drwxrwxr-x.  2 root root 4.0K May 31  2011 UnlimitedJCEPolicy

-rw-r--r--.  1 root root  18K Dec 19  2013 java.security

-rw-r--r--.  1 root root 2.6K Dec 19  2013 java.policy

-rw-r--r--.  1 root root  81K Dec 19  2013 cacerts

-rw-r--r--.  1 root root 2.8K Dec 19  2013 blacklist

lrwxrwxrwx.  1 root root   58 Jul 17 14:15 US_export_policy.jar -> /etc/alternatives/jce_1.7.0_oracle_us_export_policy.x86_64

lrwxrwxrwx.  1 root root   54 Jul 17 14:15 local_policy.jar -> /etc/alternatives/jce_1.7.0_oracle_local_policy.x86_64

drwxr-xr-x. 17 root root 4.0K Nov  5 03:07 ..

-rw-r--r--.  1 root root 7.3K Dec 30 13:27 UnlimitedJCEPolicyJDK7.zip

drwxr-xr-x.  3 root root 4.0K Dec 30 13:28 .

# rm local_policy.jar

# rm US_export_policy.jar

# unzip UnlimitedJCEPolicyJDK7.zip # cp UnlimitedJCEPolicy/US_export_policy.jar . # cp UnlimitedJCEPolicy/local_policy.jar .

In Mule, if you are unable to connect from Mule Management Console to the on-Prem Mule Runtime or API Gateway servers then you have to install the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.