Cannot add CryptoPermission to java.policy file

Question

I am attempting to filter the available crypto algorithms available to a system for some testing, but am running into an issue.

In the local_policy.jar file it contains various entries in the default_local.policy file, eg

permission javax.crypto.CryptoPermission "DES", 64;

I am trying to use a custom policy file by passing:

-Djava.security.manager -Djava.security.policy=F:/myfile.policy

This works to a point, but an error is received:

java.security.policy: error parsing file:/F:/myfile.policy: 
line 65: expected [;], found [64]

For some reason it won't read anything outside quotes "" but this works from what is in the local_policy.jar file. The contents of the policy file is as follows:

grant {
    permission javax.crypto.CryptoPermission "DES", 64; <--- line #65
    permission javax.crypto.CryptoPermission "DESede", *;
    permission javax.crypto.CryptoPermission "RC4", 128;
    permission javax.crypto.CryptoPermission "RSA", *;
    permission javax.crypto.CryptoPermission *, 128;
};

I have also tried using the Policy Tool (policytool.exe in the jdk/bin folder), but I get:

java.lang.NoSuchMethodException: javax.crypto.CryptoPermission.<init>
(java.lang.String, java.lang.String)

Any ideas?

Thanks.

Answer 1

The javax.crypto.CryptoPermissions are no permissions to be used with the security manager, but apply to the java cryptographic extensions (JCE). That is, they go into a separate policy file (which more or less shares the format with the policy file for the security manager). You'll find more information on JCE here: http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html

If I am not mistaken (and this might well be the case here) the JCE policy file needs to be installed by exchanging files in your JRE/JDK installation (see also some information here: Java Security: Illegal key size or default parameters? ). As far as I know this policy file cannot be simply specified via a VM argument.