Appendix B: JCE Jurisdiction Policy Files

The JCE jurisdiction policy files contain the maximum allowable cryptography strength defined by laws (such as the U.S. export regulations).

You can obtain the jurisdiction policy files for the U.S. and Canada when downloading the JCE software bundle for users within the U.S. and Canada. There is no restriction to the maximum allowable cryptography strength in the jurisdiction policy files for users within the U.S. and Canada.

You can obtain the jurisdiction policy files for global users when downloading the JCE software bundle for global users. There are restrictions to the maximum allowable cryptography strength in the jurisdiction policy files for global users. Currently, 512 bits is the maximum allowable keysize for RSA encryption; 64 bits is the maximum allowable keysize for all other encryption algorithms.

The jurisdiction policies are enforced by the JCE framework. For example, you cannot usually use a Blowfish key of 448 bits with the JCE software for global users even if there is a provider that supports this keysize for Blowfish, because the global jurisdiction policy files say that the maximum allowable keysize for Blowfish is 64. You can use a Blowfish key of 448 bits with the JCE software for users within the U.S. and Canada if there is a provider that supports this keysize for Blowfish, because there is no restriction in the jurisdiction policy files for users within the U.S. and Canada.