Installing the Java Cryptography Extension on QRadar

The Java™ Cryptography Extension (JCE) is a Java framework that IBM QRadar requires to decrypt content that uses the advanced cryptography algorithms AES192 or AES256. The following information describes how to install Oracle JCE on your QRadar appliance.

Procedure

  1. Optional: If you are using QRadar 7.2.x, 7.3.0, or 7.3.1, complete the following steps:
    1. Download the latest version of the Java Cryptography Extension from the IBM website (https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk).

      The Java Cryptography Extension version must match the version of Java that is installed on QRadar.

    2. Extract the JCE file.
      The following Java archive (JAR) files are included in the JCE download:
      • local_policy.jar
      • US_export_policy.jar
    3. Log in to your QRadar Console or QRadar Event Collector as a root user.
    4. Copy the JCE JAR files to the following directory on your QRadar Console or Event Collector:

      /store/configservices/staging/globalconfig/java_security

      Note: Copy the JCE JAR files only to the system that receives the AES192 or AES256 encrypted files.
    5. Restart the QRadar services by typing one of the following commands:
      • If you are using QRadar® 7.2.x, type service ecs-ec restart.
      • If you are using QRadar 7.3.0, type systemctl restart ecs-ec.service.
      • If you are using QRadar 7.3.1, type systemctl restart ecs-ec-ingress.service.
  2. Optional: If you are using QRadar 7.4.3 Fix Pack 4 or earlier, complete the Installing unrestricted SDK JCE policy files procedure (https://www.ibm.com/docs/en/qsip/7.4?topic=authentication-installing-unrestricted-sdk-jce-policy-files).
    Important: If you are using QRadar 7.4.3 Fix Pack 5 or later, do not install these files.
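
The following script is an added example, not part of the original IBM procedure: it pre-checks the two extracted policy JARs, copies them to the staging directory from step 1, and prints (without running) the restart command for the QRadar version. The script and function names are hypothetical; the paths, file names, and commands are the ones listed above.

```shell
#!/bin/sh
# Added example: pre-check and stage the JCE policy JARs (sub-steps 2-5 of step 1).
# Function names are hypothetical; the directory, JAR names and restart
# commands are the ones given in the procedure above.

STAGING_DIR=/store/configservices/staging/globalconfig/java_security
POLICY_JARS="local_policy.jar US_export_policy.jar"

# A JAR is a ZIP archive, so a usable file is non-empty and starts with "PK".
check_policy_jars() {
    for jar in $POLICY_JARS; do
        [ -s "$1/$jar" ] || { echo "missing or empty: $1/$jar" >&2; return 1; }
        [ "$(head -c 2 "$1/$jar")" = "PK" ] || { echo "not a JAR: $1/$jar" >&2; return 1; }
    done
}

# Copy both JARs into the staging directory and confirm each copy is identical.
stage_policy_jars() {
    src=$1; dest=${2:-$STAGING_DIR}
    check_policy_jars "$src" || return 1
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }
    for jar in $POLICY_JARS; do
        cp -p "$src/$jar" "$dest/$jar" || return 1
        cmp -s "$src/$jar" "$dest/$jar" || { echo "copy mismatch: $jar" >&2; return 1; }
    done
}

# Print the restart command for a QRadar version; fail for versions outside step 1.
restart_command() {
    case $1 in
        7.2.*) echo "service ecs-ec restart" ;;
        7.3.0) echo "systemctl restart ecs-ec.service" ;;
        7.3.1) echo "systemctl restart ecs-ec-ingress.service" ;;
        *) echo "step 1 does not apply to QRadar $1" >&2; return 1 ;;
    esac
}

# Usage, as root on the Console or Event Collector:
#   sh stage_jce.sh <extracted-jce-dir> <qradar-version>
if [ "$#" -eq 2 ]; then
    cmd=$(restart_command "$2") || exit 1
    stage_policy_jars "$1" || exit 1
    echo "JARs staged; now run: $cmd"
fi
```

The version is checked before anything is copied, so running the script on a release that step 1 does not cover leaves the staging directory untouched.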