Java Error: please install JCE Unlimited Strength Jurisdiction Policy files
I have gone through similar issue but with eclipse instead Intellij.
It could be the problem with the jdk(multiple versions) and jre. Go to your C:\Program Files\Java directory, add the NEWLY DOWNLOADED JCE jars (depending upon the Java version) inside security folder of each of JDK & JRE you have installed.
Providing JCE policies without patching the JRE
Okay, I was actually able to bypass the policies using java reflection: How to avoid installing "Unlimited Strength" JCE policy files when deploying an application?
Looks like a dirty hack, but does work and doesn't require any licensing, signing and all that stuff.
Why are the JCE Unlimited Strength not included by default?
- As it turns out, it's not strict crypto export laws, but simply that no one got around to it yet.
- In fact, it's been planned for a long time to not have to jump through these hoops.
- In Java 9, the ceremony will be condensed down to a one-liner:
Security.setProperty("crypto.policy", "unlimited");
Don't want to use unlimited strength policy files
Your code snippet throws an InvalidKeyException despite using BouncyCastle, because you are not using the BC Lightweight API. If you access BC through the JCE API then the same limits on crypto strength apply as with Sun/Oracle providers.
PKCS#12 files are usually encrypted with 3DES (pbeWithSHA1And3-KeyTripleDES-CBC
), which is not restricted by the default policy file. However, PKCS#12 allows the use of arbitrary encryption algorithms, so it seems like you got a p12 file that is encrypted with another algorithm. You can check this with openssl:
openssl pkcs12 -in host.p12 -info -noout
The encryption algorithm should change when you convert the keystore to JKS or JCEKS (more secure) with keytool:
keytool -importkeystore -srckeystore host.p12 -srcstoretype PKCS12 -deststoretype JCEKS -destkeystore host.jks
Of course you will have to adapt your code then:
KeyStore keyStore = KeyStore.getInstance("JCEKS");
You could even convert the JCEKS keystore back to PKCS12 with keytool. Keytool generates PKCS12 files with pbeWithSHA1And3-KeyTripleDES-CBC
.
Error install JCE Unlimited Strength Jurisdiction Policy files
I found a solution to the problem. I replaced the files only in the folder "jre". It is also necessary to replace the files in the folder "jdk".
Related Topics
How to Schedule a Periodic Task in Java
Looking for a CSS Parser in Java
Any Good Orm Tools for Android Development
Understand the R Class in Android
Kiosk Mode for Linux Java Swing Application
Equivalent of Data Protection API on Linux
Linux Start-Up Script for Java Application
Eclipse Swt Browser Crash (Linux 64Bit)
Connect as User with No Password Set on Postgresql 8.4 via Jdbc
How to Pass an Array as Arguments to a Method With Variable Arguments in Java
Spring Security Does Not Allow CSS or Js Resources to Be Loaded
How to Check If an App Running on Android
How to Use the Legacy Apache Http Client on Android Marshmallow
Why Stringbuilder Stops Adding Elements After Using the Null Character