Installing Policy Files and

Bouncy Castle Provider

 

Step 1: Test that the correct Jurisdiction Policy Files Are Installed


Because there are restrictions on which cryptography can be exported out of the US, Java has various policy files that define the limits on, for example, key lengths.  Ensure you have the unrestricted policy files.  Download the examples available here, change into the bin directory and run: java chapter1/SimplePolicyTest


This should return:

64 bit test: passed

192 bit test: passed

Tests completed


If you throw and exception or receive another failure, you may not have the correct policy files installed.  You can find the unrestricted policy files here.


Step 2: Installing the Bouncy Castle Provider


Visit the Bouncy Castle Latest Releases page.


Download the provider appropriate for your java version (e.g. 1.3, 1.4, 1.5, etc).  It should be called bcprov-jdkXX-138.jar where XX is your java version.


Place this jar file in the jre/lib/ext (on Mac/*nix) or jre\lib\ext (on Windows).  I’m not sure where the default location on Windows is, but search for the path or other the location of other jar files.  On my mac, the path was: /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home/lib/ext/


Enable the provider by editing the file jre/lib/security.  Find the lines that look like:


security.provider.1=sun.security.provider.Sun

security.provider.2=com.sun.net.ssl.internal.ssl.Provider


Add the following line to the end of the list:


security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider


where N is the next number in the sequence.


Step 3: Test Bouncy Castle Provider Installation


In the example code, change to the bin directory and run: java chapter1.SimpleProviderTest.  If you see:


BC provider is installed


You’re all done.