Configure Java Encryption

  1. Extract local_policy.jar and US_export_policy.jar from the unlimited strength policy files and copy them into the following location(s) .
    Configuration JDK Location
    All installations

    $JAVA_HOME/jre/lib/security

  2. Locate the java.security file in the /security directory.
  3. Verify that the file permissions on the java.security file allow write access for "owner", "group", and "other".

    If they do not, change permissions on the file.

    chmod 777 java.security

  4. Use a text editor to open the java.security file. Add the following line. 

    security.provider.ProviderNumber=org.bouncycastle.jce.provider.BouncyCastleProvider

    where ProviderNumber is the number that reflects the position where the line appears in the file.

    You must change the ProviderNumber for each security.provider that appears after the Bouncy Castle line.

    • The security.provider line for Bouncy Castle works at position 7.

      IBM JDK Example 

      security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.ibm.security.cert.IBMCertPath
security.provider.5=com.ibm.as400.ibmonly.net.ssl.Provider
security.provider.6=com.ibm.jsse.IBMJSSEProvider
security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.8=com.ibm.security.jgss.IBMJGSSProvider
  5. Change file permissions on the java.security file to read/execute access for "owner", "group", and "other".

    chmod 555 java.security

  6. Repeat these steps for all JDKs used by your system, including the java.security files for JDKs on machines running applications that connect to Lawson using the Distributed Single Sign-on solution (DSSO). (This includes the JDKs embedded in the application server.)

    • The java.security file for the WebSphere JDK, located in:

      /QIBM/UserData/WebSphere/AppServer/V85/ND/profiles/LAWWAS85/properties where LAWWAS85 is the name of the profile created to run Lawson.

    • The java.security files for JDKs on machines running applications that connect to Lawson using the Distributed Single Sign-on Solution (DSSO).

    Now you are ready to verify the encryption algorithms.