The JCE cipher strength policy has changed across JDK versions. Read on to see how to enable unlimited strength in different JDK versions.
JDK < 8u151 (October 17, 2017)
Basically you download jce_policy-8.zip from the Oracle website, unzip it and put the 2 jars (US_export_policy.jar and local_policy.jar) into $JAVA_HOME/jre/lib/security, overwriting the existing files.
On a shared server where $JAVA_HOME may not be writable, you need to copy $JAVA_HOME to your $HOME, update JAVA_HOME in your ~/.bashrc with the new path, and then copy the jars into the new $JAVA_HOME/jre/lib/security.
Previous versions of the zip for older JDKs were named differently, like UnlimitedJCEPolicyJDK7_2.zip, jce_policy-6.zip or jce-1_2_2.zip.
JDK >= 8u151 and < 8u162
Unlimited cipher policy files are included by default since this version, but they are not enabled. Enable them in your code with
Security.setProperty("crypto.policy", "unlimited");
before JCE framework initialization.
The other way is to uncomment #crypto.policy=unlimited in the $JAVA_HOME/jre/lib/security/java.security file.
JDK >= 8u162
Finally nothing to do :) Unlimited policy files are included and unlimited cipher strength is enabled by default.
Testing code for AES cipher strength
Copy and paste the commands below into your bash shell to verify the current AES strength.
cat > CipherTest.java <<EOF
import javax.crypto.Cipher;

class CipherTest {
    public static void main(String[] args) {
        try {
            // Maximum AES key length (in bits) permitted by the installed policy
            int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
            System.out.println("Max AES key length = " + maxKeyLen);
        } catch (Exception e) {
            System.out.println("FAILED: No AES found!");
        }
    }
}
EOF
javac CipherTest.java
java CipherTest
Max AES key length = 2147483647
The typical value under the weak cipher policy is 128. The maximum value is 2147483647, and it confirms the unlimited cipher strength policy.
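The following is an added example, not code from the original post: it combines the Security.setProperty call from the 8u151 section with the check above and then performs a real AES-256 encrypt/decrypt round trip, so a limited policy shows up as a rejected key rather than only as a number. The class name Aes256PolicyCheck and the --unlimited argument are assumptions made for illustration, and the AES/GCM mode assumes Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class name). Run as:
//   java Aes256PolicyCheck              -> uses the JDK's configured policy
//   java Aes256PolicyCheck --unlimited  -> requests the unlimited policy in code
public class Aes256PolicyCheck {
    public static void main(String[] args) throws Exception {
        // Must be the first JCE-related action: the policy is read once,
        // when the JCE framework initializes.
        if (args.length > 0 && args[0].equals("--unlimited")) {
            Security.setProperty("crypto.policy", "unlimited");
        }
        System.out.println("java.version  = " + System.getProperty("java.version"));
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));
        System.out.println("max AES bits  = " + Cipher.getMaxAllowedKeyLength("AES"));

        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[32]; // 256-bit key, above the 128-bit weak-policy limit
        byte[] iv = new byte[12];  // 96-bit GCM nonce, used once for this single message
        rng.nextBytes(key);
        rng.nextBytes(iv);
        SecretKeySpec aesKey = new SecretKeySpec(key, "AES");
        GCMParameterSpec gcm = new GCMParameterSpec(128, iv);
        try {
            Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
            enc.init(Cipher.ENCRYPT_MODE, aesKey, gcm);
            byte[] ct = enc.doFinal("policy check".getBytes(StandardCharsets.UTF_8));

            Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
            dec.init(Cipher.DECRYPT_MODE, aesKey, gcm);
            String pt = new String(dec.doFinal(ct), StandardCharsets.UTF_8);
            System.out.println("AES-256 round trip OK: " + pt);
        } catch (InvalidKeyException e) {
            // Under the weak policy, init() refuses the 256-bit key.
            System.out.println("AES-256 rejected by policy: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

A non-zero exit status means the running JVM still enforces the weak policy, which makes the check usable as a startup or deployment gate.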