Configure Java Encryption

  1. Extract local_policy.jar and US_export_policy.jar from the unlimited strength policy files and copy them into the following location(s) .
    Configuration JDK Location
    All installations

    $JAVA_HOME/jre/lib/security
    WebSphere installations $WAS_HOME/java/jre/lib/security
  2. Locate the java.security file in the /security directory.
  3. Verify that the file permissions on the java.security file allow write access for "owner", "group", and "other".

    If they do not, change permissions on the file.

    chmod 777 java.security

  4. Use a text editor to open the java.security file. Add the following line. 
    security.provider.ProviderNumber=org.bouncycastle.jce.provider.BouncyCastleProvider

    where ProviderNumber is the number that reflects the position where the line appears in the file.

    You must change the ProviderNumber for each security.provider that appears after the Bouncy Castle line.

    • For Oracle JDK, the security.provider line for Bouncy Castle must come AFTER the sun.security.provider.Sun line.

      Oracle JDK Example 

      security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider

    • For IBM JDK, the security.provider line for Bouncy Castle must come AFTER the com.ibm.crypto.provider.IBMJCE line.

      IBM JDK Example 

      security.provider.1=com.ibm.crypto.provider.IBMJCE
security.provider.2=com.ibm.jsse.IBMJSSEProvider
security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.4=com.ibm.jsse2.IBMJSSEProvider2
security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
security.provider.6=com.ibm.security.cert.IBMCertPath
security.provider.7=com.ibm.crypto.pkcs11.provider.IBMPKCS11
security.provider.8=com.ibm.security.cmskeystore.CMSProvider
security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
  5. Change file permissions on the java.security file to read/execute access for "owner", "group", and "other".

    chmod 555 java.security

  6. Repeat these steps for all JDKs used by your system, including the java.security files for JDKs on machines running applications that connect to Lawson using the Distributed Single Sign-on solution (DSSO). (This includes the JDKs embedded in the application server.)

    • The java.security file for the WebSphere JDK, located in:

    • The java.security files for JDKs on machines running applications that connect to Lawson using the Distributed Single Sign-on Solution (DSSO).

    Now you are ready to verify the encryption algorithms.