How do I know if JCE is already installed?
3,140 views
Skip to first unread message
RobK
Feb 11, 2008, 2:02:27 PM2/11/08
to JetS3t Users
Is there a way to know for sure that the java JCE is already installed
on my computer?
I using a Mac running Tiger. When I run cockpit, I see strong crypto
options listed in the drop down box in the Preferences. (e.g. 256AES
etc). Does that mean that I already have the JCE installed?
Rob
on my computer?
I using a Mac running Tiger. When I run cockpit, I see strong crypto
options listed in the drop down box in the Preferences. (e.g. 256AES
etc). Does that mean that I already have the JCE installed?
Rob
James Murty
Feb 11, 2008, 5:30:23 PM2/11/08
to jets3t...@googlegroups.com
Hi Rob,
If you have access to strong cryptographic algorithms in Cockpit there is a good chance that the unlimited JCE policy file is already installed on your system. The exact set of algorithms that will be available in JetS3t with the limited JCE varies depending on which version of Java is on your system, but I don't believe any versions will make the 256-bit AES algorithms available unless the unlimited JCE is installed.
The only way you can check that you definitely have the unlimited JCE installed is to download the JCE policy files for your version of Java from Sun and compare them with what you already have.
Here is how you can perform this check on OS X. This is a very convoluted process, it's a shame the whole JCE mechanism in Java is so painful to use... These examples are from my computer which runs Tiger and Java version 1.5
Check which version of Java is installed on your system:
$ java -version
java version "1.5.0_13"
Download the appropriate "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" archive for your Java version from Sun's web site:
http://java.sun.com/javase/downloads/index.jsp
Unzip the JCE zip file you downloaded and calculate a checksum value for each file it contains:
$ unzip jce_policy-1_5_0.zip
$ cksum jce/*
577730208 1824 jce/COPYRIGHT.html
2810891355 8404 jce/README.txt
3044909981 2472 jce/US_export_policy.jar
3234857902 2486 jce/local_policy.jar
Confirm that the JCE policy files "US_export_policy.jar" and "local_policy.jar" in your own Java system match the checksum values of the unlimited JCE files you downloaded:
$ cd /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home/lib/security
$ cksum *.jar
3044909981 2472 US_export_policy.jar
3234857902 2486 local_policy.jar
In my example commands, the checksum values for the jar files match so I already have the unlimited JCE installed. If the checksum values do not match on your system, you should back up the jar files in the security directory (just in case...) and then replace them with the versions you downloaded from Sun.
I hope this helps,
James
If you have access to strong cryptographic algorithms in Cockpit there is a good chance that the unlimited JCE policy file is already installed on your system. The exact set of algorithms that will be available in JetS3t with the limited JCE varies depending on which version of Java is on your system, but I don't believe any versions will make the 256-bit AES algorithms available unless the unlimited JCE is installed.
The only way you can check that you definitely have the unlimited JCE installed is to download the JCE policy files for your version of Java from Sun and compare them with what you already have.
Here is how you can perform this check on OS X. This is a very convoluted process, it's a shame the whole JCE mechanism in Java is so painful to use... These examples are from my computer which runs Tiger and Java version 1.5
Check which version of Java is installed on your system:
$ java -version
java version "1.5.0_13"
Download the appropriate "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" archive for your Java version from Sun's web site:
http://java.sun.com/javase/downloads/index.jsp
Unzip the JCE zip file you downloaded and calculate a checksum value for each file it contains:
$ unzip jce_policy-1_5_0.zip
$ cksum jce/*
577730208 1824 jce/COPYRIGHT.html
2810891355 8404 jce/README.txt
3044909981 2472 jce/US_export_policy.jar
3234857902 2486 jce/local_policy.jar
Confirm that the JCE policy files "US_export_policy.jar" and "local_policy.jar" in your own Java system match the checksum values of the unlimited JCE files you downloaded:
$ cd /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home/lib/security
$ cksum *.jar
3044909981 2472 US_export_policy.jar
3234857902 2486 local_policy.jar
In my example commands, the checksum values for the jar files match so I already have the unlimited JCE installed. If the checksum values do not match on your system, you should back up the jar files in the security directory (just in case...) and then replace them with the versions you downloaded from Sun.
I hope this helps,
James
RobK
Feb 11, 2008, 6:34:35 PM2/11/08
to JetS3t Users
Thanks James.
I did the same test and my checksums are identical to yours and match.
So I guess Apple ships Mac OS X Tiger with the JCE file (or strong
crypto enabled).
I suspect that will not be the case if one installs the JRE on a
virgin Windows XP machine. You will likely also have to install the
JCE to get the strong crypto.
Thanks.
Rob
I did the same test and my checksums are identical to yours and match.
So I guess Apple ships Mac OS X Tiger with the JCE file (or strong
crypto enabled).
I suspect that will not be the case if one installs the JRE on a
virgin Windows XP machine. You will likely also have to install the
JCE to get the strong crypto.
Thanks.
Rob
James Murty
Feb 11, 2008, 6:44:19 PM2/11/08
to jets3t...@googlegroups.com
I can't remember whether I had to install the JCE policy files for Tiger or not. I certainly did with Java on Panther, and I think I did with Tiger as well but it was so long ago that I can't remember for sure.
The JCE policy file system is a confusing one. I suspect that Java installed on systems in the U.S. include the full-strength cryptography settings, while international installations may not. I'm in Australia, so I generally have to install the unlimited JCE policy manually.
I would be interested to hear whether a Java installation on your Windows XP machine includes the full-strength JCE by default. I would guess not, but my experience as a non U.S.-ian may not be the same as yours.
Cheers,
James
The JCE policy file system is a confusing one. I suspect that Java installed on systems in the U.S. include the full-strength cryptography settings, while international installations may not. I'm in Australia, so I generally have to install the unlimited JCE policy manually.
I would be interested to hear whether a Java installation on your Windows XP machine includes the full-strength JCE by default. I would guess not, but my experience as a non U.S.-ian may not be the same as yours.
Cheers,
James
On 2/12/08, RobK <pse.n...@gmail.com> wrote:
Reply all
Reply to author
Forward
0 new messages