All geek questions in one place

Why is JCE Unlimited Strength not enabled by default?

Customization

Question

  • Why are they not provided and are not regarded as a black sheep?
+6
source share
3 answers
+12
source

Unlimited cryptography is now enabled by default in the JDK

The JDK uses Jurisiction policy files to extend the cryptographic extensions (JCE) to configure the limitations of the cryptographic algorithm. Previously, policy files in the JDK set limits on various algorithms. This release comes with a limited and unlimited jurisdiction policy file with an unlimited default value. The behavior can be controlled using the new crypto.policy Security property found in the /lib/java.security file. For more information about this property, refer to this file.

See: http://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html#JDK-8170157

+3
source

The USA has restrictions on the export of cryptographic technology:

https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States

They were very strict - cryptography was classified as ammunition, and you could only download strong products from the USA and other countries with white countries.

Since then, the restrictions have greatly weakened, but some remain, and the full strength of JCE cannot be distributed freely like the JRE, so this is a separate package.

+2
source

Source: https://habr.com/ru/post/1014876/

More articles:


All Articles