Permission Model and Policy Files

JCE takes advantage of the security model introduced in J2SE. In particular, privileges related to the use of strong(er) cryptography are expressed as permission classes whose definitions are bundled with the JCE framework.

JCE comes with two JAR files:

• US_export_policy.jar containing policy files representing U.S. government export rules.
• local_policy.jar containing policy files intended to represent local government restrictions. (Note: At this time, the local jurisdiction policy files are not actually country-specific; everyone not in the U.S. or Canada gets the same "local" policy files.).

These JAR files are signed by the same entity and they contain jurisdiction policy files that specify the allowable cryptography algorithms, key strengths, and algorithm parameter values for default and exempt applications (see later in this document).

JCE represents its jurisdiction policy files as J2SE-style policy files with corresponding permission statements. As described in Default Policy Implementation and Policy File Syntax, a J2SE policy file specifies what permissions are allowed for code from specified code sources. A permission represents access to a system resource. In the case of JCE, the "resources" are cryptography algorithms, and code sources do not need to be specified, because the cryptographic restrictions apply to all code.