SEAL 1.4+

Export Policy

JDK 1.4 and 5.0 are shipped with policy files that support strong but not unbounded encryption strength. However, SUN and IBM do distribute policy files that allows unbounded encryption strength which is needed by the SOSI component:

1. Download og extract US_export_policy.jar and local_policy.jar from
   • Sun 1.4.2: http://java.sun.com/j2se/1.4.2/download.html ('Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files' - in the bottom part of the page)
   • Sun 1.5: http://java.sun.com/javase/downloads/index_jdk5.jsp ('Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files' - in the bottom part of the page)
   • Sun 1.6: http://java.sun.com/javase/downloads/index.jsp ('Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files' - in the bottom part of the page)
   • IBM 1.4.2: http://www-128.ibm.com/developerworks/java/jdk/security/142/
   • IBM 1.5: http://www-128.ibm.com/developerworks/java/jdk/security/50/
2. Copy these two files to $JRE_HOME/lib/security and overwrite the existing files.

JCE Providers are now handled via properties in Seal. Hence there is no need to edit java.security, etc.

SEAL 1.0 - 1.3

Export Policy

JDK 1.4 is shipped with policy files that supports strong but not unbounded encryption strength. However, SUN does distribute policy files that allows unbounded encryption strength which is needed by the SOSI component:

1. Download og extract US_export_policy.jar and local_policy.jar from
   • Sun 1.4.2: http://java.sun.com/j2se/1.4.2/download.html (in the bottom part of the page)
   • Sun 1.5: http://java.sun.com/javase/downloads/index_jdk5.jsp
   • IBM 1.4.2: http://www-128.ibm.com/developerworks/java/jdk/security/142/

1. Copy these two files to $JRE_HOME/lib/security and overwrite the existing files.

Configuring JCE with support for RSA

The OCES certificates uses SHA-1 secure hashing with RSA encryption based on 1024 bit keys. This combination of security is not supported by Sun's JCE provider implementation. Therefore you need to configure your JDK as follows:

Bouncycastle Provider

1. Get bcprov-jdk14-132.jar from http://www.bouncycastle.org/download/bcprov-jdk14-132.jar.
2. Copy bcprov-jdk14-132.jar to $JRE_HOME/lib/ext (note: on windows JRE_HOME is %JAVA_HOME%/jre)
3. Open $JRE_HOME/lib/security/java.security i a text editor
4. Add security.provider.[number]=org.bouncycastle.jce.provider.BouncyCastleProvider to the list of providers. On a SUN JRE, the bouncycastle provider must be placed right after the sun.security.provider.Sun provider. Rename all subsequent providers accordingly (i.e. ''security.provider.2'' to ''security.provider.3'' etc.)