The Java Cryptography Extension (JCE) policy is integrated into
the IBM Software Development Kit (SDK) Version 1.4.x and is no longer
an optional package. However, due to export and import regulations, the default
JCE jurisdiction policy file shipped with the SDK enables you to use strong,
but limited, cryptography only.
About this task
To enforce this default policy, WebSphere Application Server uses
a JCE jurisdiction policy file that might have a performance impact on the
cryptographic functions that are supported by Web services security. If you
have Web services applications that use transport level security for XML encryption
or digital signatures, you might encounter performance degradation over previous
releases of WebSphere Application Server. However, IBM and Sun Microsystems
provide versions of these jurisdiction policy files that do not have restrictions
on cryptographic strengths. If you are permitted by your governmental import
and export regulations, download one of these jurisdiction policy files. After
downloading one of these files, the performance of JCE and Web services security
might improve.
Procedure
For WebSphere Application Server platforms using IBM Developer Kit, Java
Technology Edition Version 1.4.2, including the AIX, Linux, and Windows platforms,
you can obtain unlimited jurisdiction policy files by completing the following
steps:
- Go to the following Web site: http://www.ibm.com/developerworks/java/jdk/security/index.html.
- Click Java 1.4.2.
- Click IBM SDK Policy files. The Unrestricted
JCE Policy files for SDK 1.4 Web site is displayed.
- Enter your user ID and password or register with IBM to download
the policy files. The policy files are downloaded onto your machine.
For WebSphere Application Server platforms using the Sun-based Java Development
Kit (JDK) Version 1.4.2, including the Solaris environments and the HP-UX
platform, you can obtain unlimited jurisdiction policy files by completing
the following steps:
- Go to the following Web site: http://java.sun.com/j2se/1.4.2/download.html.
- Click Other Downloads.
- Locate the JCE Unlimited Strength Jurisdiction Policy Files
1.4.2 information and click Download. The policy files
are downloaded onto your machine.
For i5/OS and IBM Software Development Kit Version 1.4, the tuning of
Web services security is not required. The unrestricted jurisdiction policy
files for IBM Software Development Kit Version 1.4 are automatically configured
when the prerequisite software is installed.
- For i5/OS V5R3, the unrestricted jurisdiction policy files for
IBM Software Development Kit Version 1.4 are automatically configured by installing
product 5722AC3, Crypto Access Provider 128-bit.
- For i5/OS V5R4, the unrestricted jurisdiction policy files for
IBM Software Development Kit Version 1.4 are automatically configured by installing
product 5722SS1 Option 3, Extended Base Directory Support.
Results
After following either of these sets of steps,
two Java Archive (JAR) files are placed in the JVM directory
jre/lib/security/ (for example, C:\Program Files\ibm\jre\lib\security).
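One way to confirm the result on a given JVM, as an added example that is not part of the original IBM documentation: the class below looks for the two policy JARs under jre/lib/security and tries to initialise AES with 128-, 192- and 256-bit keys. The class name JcePolicyCheck and the file names local_policy.jar and US_export_policy.jar (the conventional names of the two policy JARs) are assumptions that are not stated on this page.

```java
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

/** Added example: reports whether this JVM's JCE jurisdiction policy permits long keys. */
public class JcePolicyCheck {

    /** Returns true if the policy lets a cipher be initialised with a key of keyBits bits. */
    static boolean keySizeAllowed(String algorithm, int keyBits) throws GeneralSecurityException {
        // Constructed all-zero key: only its length matters for the policy check.
        SecretKeySpec key = new SecretKeySpec(new byte[keyBits / 8], algorithm);
        Cipher cipher = Cipher.getInstance(algorithm);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (InvalidKeyException e) {
            return false; // key length exceeds what the jurisdiction policy grants
        } catch (SecurityException e) {
            return false; // some JCE releases report the policy refusal this way
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // java.home is the JRE directory, so this resolves to jre/lib/security.
        File dir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        // Conventional policy JAR names (assumption, not taken from this page).
        String[] jars = { "local_policy.jar", "US_export_policy.jar" };
        for (int i = 0; i < jars.length; i++) {
            File f = new File(dir, jars[i]);
            System.out.println(f + (f.isFile() ? "  present" : "  MISSING"));
        }
        // AES-128 doubles as a sanity check that an AES provider is installed.
        int[] sizes = { 128, 192, 256 };
        for (int i = 0; i < sizes.length; i++) {
            System.out.println("AES-" + sizes[i] + ": "
                    + (keySizeAllowed("AES", sizes[i]) ? "allowed" : "blocked by policy"));
        }
    }
}
```

Run it with the java executable from the same JRE that WebSphere Application Server uses. If AES-128 is allowed but AES-256 is blocked, a restricted jurisdiction policy is still in effect for that JVM.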