The Java™ Cryptography Extension (JCE) is integrated into the software development kit (SDK) Version 1.4.x and later. This is no longer an optional package. However, the default JCE jurisdiction policy file shipped with the SDK enables you to use cryptography to enforce this default policy. In addition, you can modify the Web services security configuration options to achieve the best performance for Web services ecurity protected applications.
Using the unrestricted JCE policy files
Due to export and import regulations, the default JCE jurisdiction policy file shipped with the SDK enables you to use strong, but limited, cryptography only. To enforce this default policy, WebSphere® Application Server uses a JCE jurisdiction policy file that might introduce a performance impact. The default JCE jurisdiction policy might have a performance impact on the cryptographic functions that are supported by Web services security. If you have Web services applications that use transport level security for XML encryption or digital signatures, you might encounter performance degradation over previous releases of WebSphere Application Server. However, IBM® and Sun Microsystems provide versions of these jurisdiction policy files that do not have restrictions on cryptographic strengths. If you are permitted by your governmental import and export regulations, download one of these jurisdiction policy files. After downloading one of these files, the performance of JCE and Web services security might improve.
The Unrestricted JCE Policy files for the SDK Web site is displayed.
For IBM i (both 5.4 and 6.1) and the IBM Software Development Kit, Java Technology Edition Version 6, the restricted JCE jurisdiction policy files are configured, by default. You can download the unrestricted JCE jurisdiction policy files from the following Web site: http://www.ibm.com/developerworks/java/jdk/security/60:
To configure the unrestricted jurisdiction policy files for IBM i and the IBM Software Development Kit, complete the following steps:
In IBM WebSphere Application Server Version 6.1 and later, Web services security supports the use of cryptographic hardware devices. There are two ways in which to use hardware cryptographic devices with Web services security. See Hardware cryptographic device support for Web Services Security for more information.
In this information ... | IBM Redbooks, demos, education, and more(Index) |