Skip to Content
Author's profile photo Varun Mukund

Trick to check unlimited JCE policy has been installed properly

Dear Friends,

As we all know with the secure connectivity add on, SAP provides us with the PGP module. As part of the installation of this package, there is a guideline to install unlimited JCE on the PI server.

If unlimited JCE is not installed properly, then you get a bounty castle exception on the communication channel while using the PGP module.

What I have seen twice in different projects is that the jar files required for unlimited JCE from Oracle’s website are usually dated older than the actual jars present in the PI system. And due to this, I have seen the technical basis person to ignore these jar files assuming that the latest jars are already available. Also, at times a restart was not taken and hence the unlimited jce policy was never applied.

I have found a handy trick to test if unlimited JCE is properly installed on the PI box or not. I’m not detailing the steps needed to create a message mapping etc as there are enough resources available for that.


  • Create a dummy message mapping. Use any existing message type for both source and target.
  • Create a text UDF. Import javax.crypto.Cipher and put the below code snippet

getTrace.addWarning("" +Cipher.getMaxAllowedKeyLength("AES"));
return "";

Attach this UDF to any target field(Preferably root) and perform a “Display Queue”.

If the trace warning gives a value of 128, then it indicates that the unlimited JCE is not installed properly. If it is installed properly, then 2147483647 should be the value.

Hope this helps the community.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Nice exploring Varun and thanks for sharing


      Praveen Gujjeti

      Author's profile photo Andy Silvey
      Andy Silvey

      Hi Varun,

      this is indeed a neat trick.

      How many times have I has to unzip and look in the manifest etc to check the JCE policy status.



      Author's profile photo priyank shrivastava
      priyank shrivastava
      Author's profile photo Former Member
      Former Member

      Hi Priyank,

      Hope you already solved it, if not you just have to use Try Catch loop to get the value

      getTrace().addWarning("" +Cipher.getMaxAllowedKeyLength("AES"));
      return "";
      catch(Exception e)
      return "";

      once you have this code and display trace, the exception should show the value as either 128 orĀ 2147483647