1
2            Java(TM) Cryptography Extension Policy Files
3    for the Java(TM) Platform, Standard Edition Runtime Environment
4
5                               README
6------------------------------------------------------------------------
7
8Import and export control rules on cryptographic software vary from
9country to country.  The Java Cryptography Extension (JCE) architecture
10allows flexible cryptographic key strength to be configured via the
11jurisdiction policy files which are referenced by the "crypto.policy"
12security property in the <java-home>/conf/security/java.security file.
13
14By default, Java provides two different sets of cryptographic policy
15files:
16
17    unlimited:  These policy files contain no restrictions on cryptographic
18                strengths or algorithms
19
20    limited:    These policy files contain more restricted cryptographic
21                strengths
22
23These files reside in <java-home>/conf/security/policy in the "unlimited"
24or "limited" subdirectories respectively.
25
26Each subdirectory contains a complete policy configuration,
27and subdirectories can be added/edited/removed to reflect your
28import or export control product requirements.
29
30Within a subdirectory, the effective policy is the combined minimum
31permissions of the grant statements in the file(s) matching the filename
32pattern "default_*.policy".  At least one grant is required.  For example:
33
34    limited   =  Export (all) + Import (limited)  =  Limited
35    unlimited =  Export (all) + Import (all)      =  Unlimited
36
37The effective exemption policy is the combined minimum permissions
38of the grant statements in the file(s) matching the filename pattern
39"exempt_*.policy".  Exemption grants are optional.  For example:
40
41    limited   =  grants exemption permissions, by which the
42                 effective policy can be circumvented.
43                 e.g.  KeyRecovery/KeyEscrow/KeyWeakening.
44
45Please see the Java Cryptography Architecture (JCA) documentation for
46additional information on these files and formats.
47
48YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
49TO DETERMINE THE EXACT REQUIREMENTS.
50
51Please note that the JCE for Java SE, including the JCE framework,
52cryptographic policy files, and standard JCE providers provided with
53the Java SE, have been reviewed and approved for export as mass market
54encryption item by the US Bureau of Industry and Security.
55