@dragon-den/djdk
Advanced tools
Readme
Java(TM) Cryptography Extension Policy Files
for the Java(TM) Platform, Standard Edition Runtime Environment
README
Import and export control rules on cryptographic software vary from country to country. The Java Cryptography Extension (JCE) architecture allows flexible cryptographic key strength to be configured via the jurisdiction policy files which are referenced by the "crypto.policy" security property in the /conf/security/java.security file.
By default, Java provides two different sets of cryptographic policy files:
unlimited: These policy files contain no restrictions on cryptographic
strengths or algorithms
limited: These policy files contain more restricted cryptographic
strengths
These files reside in /conf/security/policy in the "unlimited" or "limited" subdirectories respectively.
Each subdirectory contains a complete policy configuration, and subdirectories can be added/edited/removed to reflect your import or export control product requirements.
Within a subdirectory, the effective policy is the combined minimum permissions of the grant statements in the file(s) matching the filename pattern "default_*.policy". At least one grant is required. For example:
limited = Export (all) + Import (limited) = Limited
unlimited = Export (all) + Import (all) = Unlimited
The effective exemption policy is the combined minimum permissions of the grant statements in the file(s) matching the filename pattern "exempt_*.policy". Exemption grants are optional. For example:
limited = grants exemption permissions, by which the
effective policy can be circumvented.
e.g. KeyRecovery/KeyEscrow/KeyWeakening.
Please see the Java Cryptography Architecture (JCA) documentation for additional information on these files and formats.
YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY TO DETERMINE THE EXACT REQUIREMENTS.
Please note that the JCE for Java SE, including the JCE framework, cryptographic policy files, and standard JCE providers provided with the Java SE, have been reviewed and approved for export as mass market encryption item by the US Bureau of Industry and Security.
FAQs
Unknown package
We found that @dragon-den/djdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.