I am attempting to filter the available crypto algorithms available to a system for some testing, but am running into an issue.
In the local_policy.jar file it contains various entries in the default_local.policy file, eg
permission javax.crypto.CryptoPermission "DES", 64;
I am trying to use a custom policy file by passing:
-Djava.security.manager -Djava.security.policy=F:/myfile.policy
This works to a point, but an error is received:
java.security.policy: error parsing file:/F:/myfile.policy:
line 65: expected [;], found [64]
For some reason it won't read anything outside quotes "" but this works from what is in the local_policy.jar file. The contents of the policy file is as follows:
grant {
permission javax.crypto.CryptoPermission "DES", 64; <--- line #65
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;
};
I have also tried using the Policy Tool (policytool.exe in the jdk/bin folder), but I get:
java.lang.NoSuchMethodException: javax.crypto.CryptoPermission.<init>
(java.lang.String, java.lang.String)
Any ideas?
Thanks.
The javax.crypto.CryptoPermissions are no permissions to be used with the security manager, but apply to the java cryptographic extensions (JCE). That is, they go into a separate policy file (which more or less shares the format with the policy file for the security manager). You'll find more information on JCE here: http://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html
If I am not mistaken (and this might well be the case here) the JCE policy file needs to be installed by exchanging files in your JRE/JDK installation (see also some information here: Java Security: Illegal key size or default parameters? ). As far as I know this policy file cannot be simply specified via a VM argument.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.