Increasing Java Encryption Strength

If you are a Java developer and you have worked with encryption, I am sure that you have noticed the 128-bit key limit that the default JDK has. I do not know exactly why this restriction exists; it looks related to some US laws. Fortunately, Java supports bigger keys, but not out of the box: we need to perform a couple of actions to achieve this. The 128-bit limit sounds a little small and dated.

If you try to execute your code with a key bigger than 128 bits, you should receive an exception like:

java.security.InvalidKeyException: Illegal key size

The way to solve this, if we want to work with bigger keys (for example, 256-bit AES encryption), is to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for the JDK/JRE.

Oracle offers the necessary .jar files on its downloads page, in the Additional Resources section. In the previous link you can find the versions for JDK/JRE 8 and JDK/JRE 7.

After downloading and unzipping the file (jce_policy-8.zip for JDK/JRE 8), you will have two new .jar files plus a README.txt file:

  • local_policy.jar
  • US_export_policy.jar

Now, you only need to copy these two .jar files to the correct path in your system. The correct path for default installations should be:

<java-home>/lib/security	[Unix]
<java-home>\lib\security	[Windows]

After these few steps, you only need to restart your applications to have support for bigger keys.

If you need more information, you can read the README.txt file.

See you

Tip: Remember that the maximum key length permitted by policy can be different from the maximum key length permitted by algorithms.
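To confirm that the running JVM picked up the new policy files, and to see the policy limit and the algorithm limit from the tip side by side, the following check can be run before and after copying the .jar files. It is an added example, not code from the original post; the class name PolicyCheck, the sample plaintext and the deliberately invalid 512-bit key are assumptions made for illustration.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class PolicyCheck {
    // 128/192/256 are the sizes AES defines; 512 is deliberately invalid for AES.
    private static final int[] KEY_BITS = {128, 192, 256, 512};

    public static void main(String[] args) throws Exception {
        // Limit from the installed policy files; Integer.MAX_VALUE means unlimited.
        int policyMax = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("java.home      : " + System.getProperty("java.home"));
        System.out.println("AES policy max : "
                + (policyMax == Integer.MAX_VALUE ? "unlimited" : policyMax + " bits"));

        SecureRandom rng = new SecureRandom();
        byte[] sample = "constructed sample plaintext".getBytes("UTF-8");

        for (int bits : KEY_BITS) {
            byte[] key = new byte[bits / 8];
            byte[] iv = new byte[16];
            rng.nextBytes(key);
            rng.nextBytes(iv);
            SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
            IvParameterSpec ivSpec = new IvParameterSpec(iv);
            try {
                // CBC is used only so the check also runs on older JDKs.
                Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
                enc.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // key size is checked here
                byte[] ct = enc.doFinal(sample);

                Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
                dec.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
                boolean ok = Arrays.equals(sample, dec.doFinal(ct));
                System.out.println("AES-" + bits + ": allowed, round trip " + (ok ? "ok" : "FAILED"));
            } catch (InvalidKeyException e) {
                // Same exception type for both causes, so compare against the policy limit.
                String why = bits > policyMax ? "policy limit" : "algorithm does not support this size";
                System.out.println("AES-" + bits + ": rejected, " + why + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Run it with the same JVM your application uses: the printed java.home shows which lib/security directory that JVM reads, which matters when several JDK/JRE installations are present.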
