Using OpenPGP without unlimited JCE policy files

NOTE: This article is obsolete

As of version 3.0, DidiSoft OpenPGP Library for Java doesn’t need the Unlimited JCE policy files in order to provide full OpenPGP cryptography support!

The default setup of the Java virtual machine (either JDK or JRE) limits some ciphers to a certain key strength. The main reason is that the export of cryptography is restricted by law in some countries.

Full documentation on how to unlock the unlimited Java Cryptography Extensions (JCE) can be found here:

But there may be situations where you cannot touch the JCE policy files on the client’s machine, for example if you are developing a mass-market application. In that case, a possible workaround is to limit the cryptography algorithms your application uses and still use OpenPGP. If we look at the file <jre>\lib\security\local_policy.jar\default_local.policy, we can see at its end:

permission javax.crypto.CryptoPermission "RSA", *;
permission javax.crypto.CryptoPermission *, 128;

From the lines above we can conclude that we can safely use RSA OpenPGP keys with no limit on key length. We can also use all the preferred symmetric algorithms whose key size is 128 bits or less: AES-128, CAST-5, Blowfish.
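
A runtime check for the policy limits described above, as an added example (not from the original article or from the DidiSoft library): it asks the JVM, through the standard `Cipher.getMaxAllowedKeyLength` call, which OpenPGP symmetric ciphers fit under the installed policy. The class name `JcePolicyCheck`, the method `usableCiphers` and the candidate table are assumptions of this example.

```java
import javax.crypto.Cipher;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

public class JcePolicyCheck {

    // Candidate table constructed for this example:
    // { OpenPGP cipher name, JCE algorithm name used by the policy, key size in bits },
    // listed in order of preference (strongest first).
    private static final String[][] CANDIDATES = {
        {"AES-256",  "AES",      "256"},
        {"AES-192",  "AES",      "192"},
        {"AES-128",  "AES",      "128"},
        {"CAST5",    "CAST5",    "128"},
        {"Blowfish", "Blowfish", "128"},
    };

    // Returns the candidates whose key size the installed JCE policy permits.
    // getMaxAllowedKeyLength reads the policy only, so it answers even for
    // algorithms that no installed provider implements.
    static List<String> usableCiphers() throws NoSuchAlgorithmException {
        List<String> usable = new ArrayList<>();
        for (String[] c : CANDIDATES) {
            int maxBits = Cipher.getMaxAllowedKeyLength(c[1]);
            if (Integer.parseInt(c[2]) <= maxBits) {
                usable.add(c[0]);
            }
        }
        return usable;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Integer.MAX_VALUE means the policy places no limit on the algorithm.
        int rsaMax = Cipher.getMaxAllowedKeyLength("RSA");
        int aesMax = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("RSA limit: "
                + (rsaMax == Integer.MAX_VALUE ? "unlimited" : rsaMax + " bits"));
        System.out.println("AES limit: "
                + (aesMax == Integer.MAX_VALUE ? "unlimited" : aesMax + " bits"));
        System.out.println("Usable OpenPGP symmetric ciphers: " + usableCiphers());
    }
}
```

Build the application's preferred-cipher list from the result at startup, so the same build works whether or not the unlimited policy files are installed.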