How to check java unlimited strength encryption policy on a windows machine

Question

My java application I'm testing requires an unlimited strength encryption policy to run properly and I need a way to check if its installed on my machine.

This page provides a lot of ways to check using a java program but no way to do it natively on a windows machine. Checking if Unlimited Cryptography is available

Is there a way to check the policy file on a Windows machine without compiling a small java program and running the program through a batch file?

Answer 1

A JAR archive can be unzipped and the actual policy files are text readable, so you can evaluate the actual policies themselves (or compare against a known hash as Abhishek recommended above).

Example (unrestricted) default_local.policy:

$ more default_local.policy
// Country-specific policy file for countries with no limits on crypto strength.
grant {
    // There is no restriction to any algorithms.
    permission javax.crypto.CryptoAllPermission;
};

Example (restricted) default_local.policy:

$ more default_local.policy
// Some countries have import limits on crypto strength. This policy file
// is worldwide importable.

grant {
    permission javax.crypto.CryptoPermission "DES", 64;
    permission javax.crypto.CryptoPermission "DESede", *;
    permission javax.crypto.CryptoPermission "RC2", "javax.crypto.spec.RC2ParameterSpec", 128;
    permission javax.crypto.CryptoPermission "RC4", 128;
    permission javax.crypto.CryptoPermission "RC5", 128,
          "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
    permission javax.crypto.CryptoPermission "RSA", *;
    permission javax.crypto.CryptoPermission *, 128;
};

The export restrictions are unlikely to change moving forward because of the current state of the EAR rules, so you'd be pretty safe just doing a grep for CryptoAllPermission vs. *, 128;.