To use the included 256-bit encryption algorithms within Java, Oracle Java JDK or JRE requires you to download and replace the US_export_policy.jar and local_policy.jar files under your $JAVA_HOME/jre/lib/security/ directory with a variant of these files called ‘JCE Unlimited Strength Jurisdiction Policy Files’ obtained here.
These jars, commonly referred to as the ‘Unlimited JCE files‘, control to limit what algorithms you can or cannot use in your code.
An installation with vanilla (non-unlimited, default) files would show the below output when executed over it. Note specifically the explicit listing of all allowed codecs and the absence of the “256” number:
$ unzip -c $JAVA_HOME/jre/lib/security/local_policy.jar default_local.policy
…
// Some countries have import limits on crypto strength.
// This policy file is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;
};
An installation with the same files replaced with the unlimited variants, would instead show the below. Note specifically the class name of the granted permission:
$ unzip -c $JAVA_HOME/jre/lib/security/local_policy.jar default_local.policy
…
// Country-specific policy file for countries
// with no limits on crypto strength.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};