Enhanced Crypto Policies


Until Java 8, it was necessary to download and install JCE in the JDK in order to use it. In OpenJDK 11, unlimited crypto policies are installed by default. If you want (or have to) switch from unlimited to limited crypto policies, you can do that with just one line of code.

Security.setProperty("crypto.policy", "limited");

Starting with Java 1.8.0_151 and 1.8.0_152, there is a new and easier way to enable unlimited strength jurisdiction policy for the JVM. Without enabling this, you cannot use AES-256 encryption for example.

To use this, we need to first download the JRE. I like to use the server-jre for servers. When you extract the server-jre, look for the file java.security in the jre/lib/security folder. For example, for Java 1.8.0_152, the file structure looks like this:

/jdk1.8.0_152 |- /jre |- /lib |- /security |- java.security

Now, open java.security with a text editor and look for the line that defines the java security property crypto.policy. It can have two values limited or unlimited—the default is limited.

By default, you should find a commented out line:

#crypto.policy=unlimited

You can enable unlimited by uncommenting that line, remove the #:

crypto.policy=unlimited

Now restart your java applications that point to the JVM and you should be all set.


By Shiva
Java Expert