Javax.crypto is subject to export control; what does it mean?

Question

Javax.crypto is subject to export control; what does it mean?

According to http://docs.oracle.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html :

For historical (export) reasons, cryptographic APIs are organized in two different packages. java.securitycontains classes that are not subject to export control (for example, Signatureand MessageDigest). javax.cryptothe package contains classes that are subject to export control (for example, Cipherand KeyAgreement).

What does it mean?

What is the difference?

Note. A link to this document is provided in the Java EE document in the security section → http://docs.oracle.com/javaee/6/tutorial/doc/bnbwj.html | is this ref out of date?

+5

java security

Ravi trivedi Apr 21 '13 at 0:46

source share

1 answer

Ejp · Answer 1 · 2013-04-21T01:16:43+0000

First of all, it should be noted that the text you are quoting begins "for historical reasons."

The United States had export control over some cryptographic algorithms and implementations above certain key lengths. They were mostly dumped during the Clinton administration: certainly those that affected Java. Any link you read to them in connection with Java cryptography is out of date.

Java, however, depends on the policies for importing cryptographic code and why loading the Unlimited Strength critical policy policy exists. If it is legal in your jurisdiction, you can download and install it. All he does is enable code that is already present in the JRE and which is therefore already exported. QED

Javax.crypto is subject to export control; what does it mean?

More articles: