为什么默认情况下不包括JCE Unlimited Strength? [英] Why are the JCE Unlimited Strength not included by default?
本文介绍了为什么默认情况下不包括JCE Unlimited Strength?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
- Java不提供对JCE Unlimited Strength Policy Files的开箱即用支持
- 这可以防止用户使用AES-256,这是广泛使用的加密标准中最大的密钥大小。
- 不包括策略文件会导致许多问题:
- 意外的例外情况
- 不满意的解决方法:
- 只需安装它们
- 使用不同的实现
- 使用可能违反Java许可协议的反射
- Java doesn't offer out-of-the-box support for the JCE Unlimited Strength Policy Files
- This prevents users from using AES-256, the largest key size of a widely-used encryption standard
- Not including the policy files leads to many problems:
- Unexpected exceptions
- Unsatisfying workarounds:
- Just install them
- Use a different implementation
- Use reflection that may violate the Java License Agreement
- 为什么这些不像黑羊一样被提供和对待?
推荐答案
- 事实证明,这不是严格的加密输出法则,而只是没人接触到它。
- 事实上,已经计划好了很长时间,不必跳过这些箍。
- 在Java 9中,仪式将缩小为 one-liner :
Security.setProperty(crypto.policy, 无限制);
- As it turns out, it's not strict crypto export laws, but simply that no one got around to it yet.
- In fact, it's been planned for a long time to not have to jump through these hoops.
- In Java 9, the ceremony will be condensed down to a one-liner:
Security.setProperty("crypto.policy", "unlimited");
这篇关于为什么默认情况下不包括JCE Unlimited Strength?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文