Home > Development > Check if JCE is installed

Check if JCE is installed

Asgård’s always been my home
But I’m of different blood
I will overthrow the throne
Deceiver! Deceiver of the gods!
(Amon Amarth – Deceiver of the Gods)

JCE stands for Java Cryptography Extension. Unlimited Strength Jurisdiction Policy Files are not distributed with standard Java distributions due to export laws limitations. But, some Java-powered software does need it to function properly. Often someone thinks JCE is installed but software still refuses to run properly. These are some of the possible errors:

org.apache.xml.security.encryption.XMLEncryptionException: 
Illegal key size or default parameters

So, how to check if unlimited JCE is really installed? After consulting google and stackoverflow answers I’ve written a small Java program that checks it very accurately. This is the source code:

import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;

public class UnlimitedSupportJCE
{
  public static void main(final String[] args)
  {
    int strength = 0;
    try {
      strength = Cipher.getMaxAllowedKeyLength("AES");
    } catch (NoSuchAlgorithmException e) {
      System.out.println("isUnlimitedSupported=FALSE");
    }
    if ( strength > 128 ){
      System.out.printf("isUnlimitedSupported=TRUE,strength: %d%n",strength);
    } else {
      System.out.printf("isUnlimitedSupported=FALSE,strength: %d%n",strength);
    }
  }
}

You can save this code in a file named UnlimitedSupportJCE.java. You will also need JDK installed (with javac compiler). Now you can compile the code:

$ javac UnlimitedSupportJCE.java

This creates file called UnlimitedSupportJCE.class, which can now be run by JVM:

$ java UnlimitedSupportJCE
isUnlimitedSupported=TRUE, strength: 2147483647

We can see that on this particular JVM, Ulimited JCE is installed correctly. How about after removing the JARs?

$ java UnlimitedSupportJCE
isUnlimitedSupported=FALSE, strength: 128

We can see that strength of cyphers is dramaticaly lower with vanilla JCE files that are distributed with standard JRE/JDKs.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: