local_policy.jar和US_export_policy.jar的不同之处在于Unlimited Strength Vs Default. [英] local_policy.jar and US_export_policy.jar different with Unlimited Strength Vs Default.

问题描述

在Java平台文档中 http://www.oracle.com/technetwork/java/javase /jrereadme-182762.html .关于

In java platform documentation http://www.oracle.com/technetwork/java/javase/jrereadme-182762.html. Regarding the comment about

/lib/security/local_policy.jar /lib/security/US_export_policy.jar

/lib/security/local_policy.jar /lib/security/US_export_policy.jar

由于某些国家/地区的进口管制限制，Java SE开发工具包和Java SE运行时环境附带的Java密码扩展(JCE)策略文件允许使用强而有限的加密.

Due to import control restrictions for some countries, the Java Cryptography Extension (JCE) policy files shipped with the Java SE Development Kit and the Java SE Runtime Environment allow strong but limited cryptography to be used.

JDK网站上为居住在符合条件的国家/地区的人提供了这些文件的无限制强度版本，表明对加密强度没有任何限制.居住在符合条件的国家/地区的人可以下载不限强度的版本，并用不限强度的文件替换强密码罐. 问题

An unlimited strength version of these files indicating no restrictions on cryptographic strengths is available on the JDK web site for those living in eligible countries. Those living in eligible countries may download the unlimited strength version and replace the strong cryptography jar files with the unlimited strength files. Questions

1. 每个JDK捆绑包都随附local_policy.jar和US_export_policy.jar吗?
2. 默认local_policy.jar和US_export_policy.jar中的限制是什么?是密钥大小吗?
3. 如果我需要使用128位密钥，是否需要进行无限强度Java密码学
   扩展
4. 有没有一种方法可以将这两个jar保留在外部路径中并加载它.因为我有50台服务器，而不是每个JDK都应对，所以我宁愿将其维护在一个中央位置.

1. Does every JDK bundle comes with local_policy.jar and US_export_policy.jar ?
2. What is the limitation in default local_policy.jar and US_export_policy.jar. Is it the key size ?
3. If I need to use 128 bit keys does it required to go for Unlimited Strength Java Cryptography
   Extension
4. Is there a way I can keep these two jars in external path and load it. Because I have more 50 servers rather than coping in each JDK I would prefer to maintain it in a central place.

推荐答案

每个JDK捆绑包都随附local_policy.jar和US_export_policy.jar吗?

Does every JDK bundle comes with local_policy.jar and US_export_policy.jar ?

是的从1.4版本开始，JCE已集成到Java 2 SDK中.

yup. JCE has been integrated into the Java 2 SDK since the 1.4 release.

默认local_policy.jar和US_export_policy.jar中的限制是什么?是密钥大小吗?

What is the limitation in default local_policy.jar and US_export_policy.jar. Is it the key size ?

是，它是密钥大小.我的东西超过128位是不允许的.您可以使用int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");

Yes it is the key size. I thing more than 128 bit is not allowed. You can check the maximum size of the algorithm using int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");

如果我需要使用128位密钥，是否需要使用Unlimited Strength Java Cryptography Extension

If I need to use 128 bit keys does it required to go for Unlimited Strength Java Cryptography Extension

对于128位密钥加密，我认为您不需要无限强度Java密码扩展罐.默认值应该可以正常工作.

For 128 bit key encryption I dont think you need Unlimited Strength Java Cryptography Extension jars. Default ones should work just fine.

有没有一种方法可以将这两个jar保留在外部路径中并加载它.因为我有50台服务器，而不是每个JDK都应对，所以我宁愿将其维护在一个中央位置.

Is there a way I can keep these two jars in external path and load it. Because I have more 50 servers rather than coping in each JDK I would prefer to maintain it in a central place.

如上所述，如果您使用128位密钥进行加密，则不会出现这种情况，但是如果您使用更长的密钥(例如256)，则需要获得无限强度的jar并将其替换为$JAVA_HOME/jre/lib/security.因为它在JDK/JRE本身中，所以即使在分布式服务器的情况下也无法使其集中化.您将需要在每台服务器上更换它.

As mentioned above this scenario should not occur if you are using 128 bit key for encryption but if you are using more lengthy key (Eg 256) you will need to get unlimited strength jars and replace them in $JAVA_HOME/jre/lib/security. As it is in the JDK/JRE itself you cannot make it centralized not in case of distributed servers. You will need to replace it on each of your servers.

请参考oracles 参考指南.

Refer oracles reference guide.

如果您不想这样做，也可以参考以下主题的替代方法-

Also if you don't want to do this you can refer to following thread for alternatives -

如何避免安装部署应用程序时使用无限强度" JCE策略文件?

反射是线程中用户的一种变通方法.虽然我不建议您这样做，但您可以看一下.

Reflection is user in the thread as a work around. Though I would not recommend it you can take a look at it.

我在帖子中总结了所有内容.您也可以参考-

I have summarized everything in a post. You can refer that too -

如何安装Java密码扩展(JCE)无限实力管辖权政策文件

这篇关于local_policy.jar和US_export_policy.jar的不同之处在于Unlimited Strength Vs Default.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！