Java(TM) Cryptography Extension Policy Files for the Java(TM) Platform, Standard Edition Runtime Environment README ------------------------------------------------------------------------ Import and export control rules on cryptographic software vary from country to country. The Java Cryptography Extension (JCE) architecture allows flexible cryptographic key strength to be configured via the jurisdiction policy files which are referenced by the "crypto.policy" security property in the /conf/security/java.security file. By default, Java provides two different sets of cryptographic policy files: unlimited: These policy files contain no restrictions on cryptographic strengths or algorithms limited: These policy files contain more restricted cryptographic strengths These files reside in /conf/security/policy in the "unlimited" or "limited" subdirectories respectively. Each subdirectory contains a complete policy configuration, and subdirectories can be added/edited/removed to reflect your import or export control product requirements. Within a subdirectory, the effective policy is the combined minimum permissions of the grant statements in the file(s) matching the filename pattern "default_*.policy". At least one grant is required. For example: limited = Export (all) + Import (limited) = Limited unlimited = Export (all) + Import (all) = Unlimited The effective exemption policy is the combined minimum permissions of the grant statements in the file(s) matching the filename pattern "exempt_*.policy". Exemption grants are optional. For example: limited = grants exemption permissions, by which the effective policy can be circumvented. e.g. KeyRecovery/KeyEscrow/KeyWeakening. Please see the Java Cryptography Architecture (JCA) documentation for additional information on these files and formats. YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY TO DETERMINE THE EXACT REQUIREMENTS. Please note that the JCE for Java SE, including the JCE framework, cryptographic policy files, and standard JCE providers provided with the Java SE, have been reviewed and approved for export as mass market encryption item by the US Bureau of Industry and Security.