-
- Java(TM) Cryptography Extension Policy Files
- for the Java(TM) Platform, Standard Edition Runtime Environment
-
- README
-------------------------------------------------------------------------
-
-Import and export control rules on cryptographic software vary from
-country to country. The Java Cryptography Extension (JCE) architecture
-allows flexible cryptographic key strength to be configured via the
-jurisdiction policy files which are referenced by the "crypto.policy"
-security property in the <java-home>/conf/security/java.security file.
-
-By default, Java provides two different sets of cryptographic policy
-files:
-
- unlimited: These policy files contain no restrictions on cryptographic
- strengths or algorithms
-
- limited: These policy files contain more restricted cryptographic
- strengths
-
-These files reside in <java-home>/conf/security/policy in the "unlimited"
-or "limited" subdirectories respectively.
-
-Each subdirectory contains a complete policy configuration,
-and subdirectories can be added/edited/removed to reflect your
-import or export control product requirements.
-
-Within a subdirectory, the effective policy is the combined minimum
-permissions of the grant statements in the file(s) matching the filename
-pattern "default_*.policy". At least one grant is required. For example:
-
- limited = Export (all) + Import (limited) = Limited
- unlimited = Export (all) + Import (all) = Unlimited
-
-The effective exemption policy is the combined minimum permissions
-of the grant statements in the file(s) matching the filename pattern
-"exempt_*.policy". Exemption grants are optional. For example:
-
- limited = grants exemption permissions, by which the
- effective policy can be circumvented.
- e.g. KeyRecovery/KeyEscrow/KeyWeakening.
-
-Please see the Java Cryptography Architecture (JCA) documentation for
-additional information on these files and formats.
-
-YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
-TO DETERMINE THE EXACT REQUIREMENTS.
-
-Please note that the JCE for Java SE, including the JCE framework,
-cryptographic policy files, and standard JCE providers provided with
-the Java SE, have been reviewed and approved for export as mass market
-encryption item by the US Bureau of Industry and Security.