The Java Cryptography Extension (JCE) 1.2.1 provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. The software also supports secure streams and sealed objects. JCE 1.2.1 supplements the Java 2 platform (Java Cryptography Architecture JCA), which already includes interfaces and implementations of message digests and digital signatures. That is JCE includes all of the function of JCA plus a great deal of additional function. This version of JCE 1.2.1 has been made compatible with the OS/390 (and z/OS) environments and has the provider name of IBMJCE.
To download a copy of the documentation for the IBMJCE provider, download the jcedocs.jar file.
The jcedocs.jar files contain the following documents:
To extract the documentation from the downloaded .tar file, place the .tar file at the directory location where you would like the documentation (for instance the ${java-home}/docs/jceDocs directory) and issue the following command:
jar -xvf jcedocs.jar
Note that the jcedocs.jar file is actually a Java Archive (.jar) file that contains documentation only and no executable code. The jar command above will work whether the file type is .tar or .jar.
For a general overview of JCE, see Sun's documentation of JCE. The documents at this Web site contain links to many other Web-based information sources.
The IBM version of JCE differs from the Sun version in the following ways:
- The com.sun.crypto.provider.* packages have been moved to com.ibm.crypto.provider* packages.
- IBM provides more algorithms in the JCE.
The following files are preinstalled in the ${java-home}/lib/ext directory:
- ibmjceprovider.jar
- ibmjcefw.jar
- US_export_policy.jar
- local_policy.jar
The following directories and files are preinstalled in the ${java-home}/demo directory:
- jce/policy-files/global
- US_export_policy.jar
- local_policy.jar
- jce/policy-files/unrestricted
- US_export_policy.jar
- local_policy.jar
To use the IBMJCE provider, you must specify the following in your java.security file in the ${java-home}/lib/security directory:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
Note that the IBM JCE provider must be placed after the default Sun provider.
Specifying Full Function versus Limited Key Size Cryptography
Files US_export_policy.jar and local_policy.jar pre-installed in directory ${java-home}/lib$/ext give you the ability to do full function cryptography and are installed by default. If you don't want this function, or can not use this function because of your country's laws, do the following:
- Remove the US_export_policy.jar and local_policy.jar files from the ${java-home}/lib/ext directory
- Copy different versions of the US_export_policy.jar and local_policy.jar files from directory ${java-home}/docs/jce/policy-files/global into the ${java-home}/lib/ext directory.
These files will give you JCE capabilities, but with limited key size.
For more information about these policy files, see the
JCE API Specification & Reference.
The sample programs that demonstrate how to use the IBMJCE are located in directory demo/jce/src.
|
