The symmetric
key wrap, or private key cryptography, algorithms include:
- Triple DES key wrap: http://www.w3.org/2001/04/xmlenc#kw-tripledes
- AES key wrap (aes128): http://www.w3.org/2001/04/xmlenc#kw-aes128
- AES key wrap (aes256): http://www.w3.org/2001/04/xmlenc#kw-aes256
Restriction: To use the 256–bit AES encryption algorithm,
you must apply the unlimited jurisdiction policy files. To remain
in compliance, see Basic Security Profile compliance tips.
Before downloading these policy files, mount the product
HFS as read/write. Back up the existing policy files prior to overwriting
them, in case you want to restore the original files later. The existing
policy files, which are the local_policy.jar and US_export_policy.jar files,
are located in the WAS_HOME/java/jre/lib/security/ directory.
Important: Your country of origin
might have restrictions on the import, possession, use, or re-export
to another country, of encryption software. Before downloading or
using the unrestricted policy files, you must check the laws of your
country, its regulations, and its policies concerning the import,
possession, use, and re-export of encryption software, to determine
if it is permitted.
For
application server platforms using IBM Developer
Kit, Java Technology Edition Version 5, you can obtain
unlimited jurisdiction policy files by completing the following steps:
- Visit the IBM developerWorks: Security Information website.
- Click Java 5.
- Click IBM SDK Policy files.
The Unrestricted
JCE Policy files for SDK 5 website is displayed.
- Enter your user ID and password or register with IBM to
download the policy files. The policy files are downloaded onto your
workstation.
- Re-mount your product HFS as read/only.
For more information on the algorithm suite components,
see Algorithms settings.