The default JCE policy files supplied by SAP JVM contains only limited strength. So it will not support if the keys are generated with the size more than 128 bits. But the newly shipped components like PGP, OFTP and AS2 requires key sizes which are greater than 128
bits for better security. Especially PGP modules will not support keys with the size less than 1024 bits. So in order to support the same, the default limited JCE policies should be overridden with the unlimited strength. The following steps will be describes the steps to be followed in detail.
SAP ships only limited strength files. You have to download the unlimited stregnth files from the Java provider (Sun/Oracle). These policies depend on the JVM versions. So download the corresponding policy files based on the JVM version(7.11 uses JVM 5, 7.30 &
7.31 uses JVM 6)
You can download the files after accepting the license agreement.
Extract the following files from downloaded zip file.
Login to the Application Server and replace the above mentioned files in the following locations.
<SID> – System ID
J<XX> – Java Only Instance. If it is Dual Stack, it will D<XX> or DVEBMGS<XX>
<Version> – JVM Version. It could 5 or 6
<Patch> – JVM Patch
The above mentioned paths are from PI 7.31 which installed on windows OS. If multiple JVM patch is installed (like 6.1.030, 6.1.031 etc…), the files from all the patch (or) recent patch should be replaced. For other operating systems, the relevant paths can be substituted.
Just restart the engine for the JVM to be updated with the new policies.
In the upcoming posts, I will be writing about the possible issues might occur if JCE unlimited strength is not installed.