Limited versus Unlimited Cryptography
When you download and install J2SE v1.4, by default you get cryptographic capabilities that are termed as strong but limited by Java Cryptographic Extension Reference Guide. What does it mean? Here the term “strong” means that cryptographic algorithms that are considered cryptographically hard to break, such as TripleDES, RSA and so on. are supported. The term “limited” means that the keysize supported by these algorithms is limited to certain values.
A jurisdiction policy file controls the keysize supported. We learn more about policy files in Chapter 5, Access Control. The brief summary is that the code invoking the cryptographic algorithms checks the policy file before continuing the operation. This policy ...
Get J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
