Mercurial Mercurial > jdk-sandbox / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/src/java.base/share/conf/security/policy/README.txt
author wetmore
Thu, 31 Aug 2017 12:48:19 -0700
changeset 47031 78fb24b5f758
parent 42365 5e640c2994d6
permissions -rw-r--r--
8186093: A comment in the java.security configuration file incorrectly says that strong but "limited" is the default value Reviewed-by: mullan


            Java(TM) Cryptography Extension Policy Files
    for the Java(TM) Platform, Standard Edition Runtime Environment

                               README
------------------------------------------------------------------------

Import and export control rules on cryptographic software vary from
country to country.  The Java Cryptography Extension (JCE) architecture
allows flexible cryptographic key strength to be configured via the
jurisdiction policy files which are referenced by the “crypto.policy”
security property in the <java-home>/conf/security/java.security file.

By default, Java provides two different sets of cryptographic policy
files:

    unlimited:  These policy files contain no restrictions on cryptographic
                strengths or algorithms

    limited:    These policy files contain more restricted cryptographic
                strengths

These files reside in <java-home>/conf/security/policy in the “unlimited”
or “limited” subdirectories respectively.

Each subdirectory contains a complete policy configuration,
and subdirectories can be added/edited/removed to reflect your
import or export control product requirements.

Within a subdirectory, the effective policy is the combined minimum
permissions of the grant statements in the file(s) matching the filename
pattern "default_*.policy".  At least one grant is required.  For example:

    limited   =  Export (all) + Import (limited)  =  Limited
    unlimited =  Export (all) + Import (all)      =  Unlimited

The effective exemption policy is the combined minimum permissions
of the grant statements in the file(s) matching the filename pattern
"exempt_*.policy".  Exemption grants are optional.  For example:

    limited   =  grants exemption permissions, by which the
                 effective policy can be circumvented.
                 e.g.  KeyRecovery/KeyEscrow/KeyWeakening.

Please see the Java Cryptography Architecture (JCA) documentation for
additional information on these files and formats.

YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
TO DETERMINE THE EXACT REQUIREMENTS.

Please note that the JCE for Java SE, including the JCE framework,
cryptographic policy files, and standard JCE providers provided with
the Java SE, have been reviewed and approved for export as mass market
encryption item by the US Bureau of Industry and Security.
jdk-sandbox