Downloaded Jurisdiction Policy Files

Jurisdiction Policy Files for Domestic Market

US_export_policy.jar:
 default_domestic_US_export.policy 
local_policy.jar:
 default_domestic_local.policy 

These files for domestic users currently specify that all applications are unrestricted, that is, the applications can utilize any available cryptographic strengths they need.

Jurisdiction Policy Files for Global Market

US_export_policy.jar:
 default_global_US_export.policy 
local_policy.jar:
 default_global_local.policy
exempt_global_local.policy

As you can see, there are both "default" and "exempt" jurisdiction policy files.

The default files represent the default cryptographic strengths allowed for applications that are unsigned or that are signed but not by parties trusted by JCE. When JCE is running such applications, for each cryptography algorithm utilized, JCE determines and enforces the weaker of the cryptographic strengths specified in the two default files downloaded by the user.

If a default file for a given domain (US_export or local) specifies that applications are unrestricted, no corresponding exempt file is needed or supplied for that domain. (When applications are unrestricted the JAR files for domestic users do not currently contain any exempt policy files, and there is no exempt_global_US_export.policy.)

Otherwise, an exempt file is required. The exempt file specifies the conditions under which "exempt applications" can have reduced cryptographic restrictions. Exempt policy files are consulted when an application is determined at run time to be potentially exempt from some or all cryptographic restrictions.

In order for an application to be recognized as "exempt" at run time, it must have a policy file bundled with it in a JAR file. The policy file specifies what cryptography-related permissions of the application, and the conditions (if any) for those permissions.