Error encrypting?

Douglas E Engert deengert at gmail.com
Fri Jun 27 12:08:00 EDT 2014



On 6/27/2014 9:23 AM, Cantor, Scott wrote:
> On 6/27/14, 10:17 AM, "Rhys Smith" <Smith at cardiff.ac.uk> wrote:
>>
>> Just a thought, might be entirely wrong - is this something to do with
>> the key strength support in the IdP¹s JRE?

Could be.

Search for: java unlimited strength jurisdiction policy files N
where N it the Java version number.

http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

Not sure what the default policy is today, but it used to require the update to
use AES 192 or 256.


>
> Certainly possible I suppose. That's why I suggest looking at the key and
> seeing if anything jumps out.
>
> But for an RSA key, that's really unlikely I think.
>
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders
> .html#importlimits





>
>> Does one still need to put the Unlimited Strength Policy files in the
>> JRE, or use the bouncy castle provider with higher strength support? I¹ve
>> lost track of where that is nowadays, but remember that was something
>> that used to be required.
>
> There is no requirement for BC as a JCE provider.
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>

-- 

  Douglas E. Engert  <DEEngert at gmail.com>



More information about the users mailing list