Prior to JCE 1.2.1, the JCE framework for encryption services was not exportable. Only people in the U.S. and Canada were allowed to use it. Export control restrictions by the U.S. Commerce Department prohibit such a framework from being exported outside the U.S. or Canada, unless appropriate mechanisms have been implemented to ensure that only qualified providers can be plugged into the framework. (Qualified providers include those approved for export and those certified for domestic use only. Qualified providers are signed by a trusted entity.)
The JCE 1.2.1 (and later) framework contains such mechanisms and is thus now exportable. It is transparent to application developers how providers are authenticated, and only qualified providers can be plugged into the JCE framework.
The JCE framework also enforces restrictions regarding the cryptographic algorithms and maximum cryptographic strength available to applets/applications in different jurisdiction contexts (locations). This makes the JCE framework worldwide exportable and worldwide importable.
Implications for Applications
Applications that do not require any cryptography stronger than the default strength (as defined by the applicable jurisdiction policy files described in the next section) will not require any modifications by their vendors. Existing unmodified applications will run unrestricted, exactly as before in the domestic market (the United States and Canada). Such applications can now also be exported. When such an application is run outside the domestic market, the maximum cryptographic strength that can be utilized by any Cipher it creates is determined by the default policy.
New applications that are unsigned or that are signed but not by an entity trusted by JCE will also have the maximum cryptographic strength determined by the default policy.
Applications that need stronger cryptography will need to be signed by a "trusted signer" and have an associated permission policy file also signed and bundled with the application in a JAR file.