Difference between revisions of "Java encryption key - setting unlimited length"
(4 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
− | + | [[Category:How_To]] | |
+ | [[Category:Fusion Registry Install]] | ||
+ | |||
+ | __NOTOC__ | ||
Releases of the Oracle Java Runtime Environment (JRE) prior to 1.8.0_151 require a change to their default security policy configuration to support the 256-bit AES encryption used by the Fusion products for sensitive data. | Releases of the Oracle Java Runtime Environment (JRE) prior to 1.8.0_151 require a change to their default security policy configuration to support the 256-bit AES encryption used by the Fusion products for sensitive data. | ||
If an <strong>Encryption Failed - Illegal key size or default parameters</strong> error is reported, change to a different Java implementation such as [https://aws.amazon.com/corretto/ Amazon Corretto 8], or follow the procedure below to modify the Oracle Java security policy to support encryption keys of unlimited length. | If an <strong>Encryption Failed - Illegal key size or default parameters</strong> error is reported, change to a different Java implementation such as [https://aws.amazon.com/corretto/ Amazon Corretto 8], or follow the procedure below to modify the Oracle Java security policy to support encryption keys of unlimited length. | ||
+ | [[File:IllegalKeySizeError.PNG|400px]] | ||
+ | |||
+ | ===Procedure=== | ||
====1. Shutdown the Java web application server - e.g. Tomcat==== | ====1. Shutdown the Java web application server - e.g. Tomcat==== | ||
====2. In JAVA_HOME, search for the file java.security==== | ====2. In JAVA_HOME, search for the file java.security==== | ||
+ | JAVA_HOME is the directory where the Java software is installed. A typical directory tree is shown below: | ||
+ | |||
+ | [[File:JavaHomeSecurity.PNG|300px]] | ||
+ | ====3. Find the java.security file==== | ||
+ | It should be under the <code>jre/lib/security</code> directory | ||
+ | ====4. Set crypto.policy to unlimited in java.security==== | ||
+ | Edit the java.security file and search for an entry like: | ||
+ | #crypto.policy=unlimited | ||
+ | Uncomment this line by removing the # | ||
+ | crypto.policy=unlimited | ||
+ | Save the file | ||
+ | ====5. Restart the Java web application server==== |
Latest revision as of 21:54, 10 September 2023
Releases of the Oracle Java Runtime Environment (JRE) prior to 1.8.0_151 require a change to their default security policy configuration to support the 256-bit AES encryption used by the Fusion products for sensitive data.
If an Encryption Failed - Illegal key size or default parameters error is reported, change to a different Java implementation such as Amazon Corretto 8, or follow the procedure below to modify the Oracle Java security policy to support encryption keys of unlimited length.
Procedure
1. Shutdown the Java web application server - e.g. Tomcat
2. In JAVA_HOME, search for the file java.security
JAVA_HOME is the directory where the Java software is installed. A typical directory tree is shown below:
3. Find the java.security file
It should be under the jre/lib/security
directory
4. Set crypto.policy to unlimited in java.security
Edit the java.security file and search for an entry like:
#crypto.policy=unlimited
Uncomment this line by removing the #
crypto.policy=unlimited
Save the file