Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Enable AES 256-bit encryption (optional)

Enable AES 256-bit encryption (optional)

Enabling AES 256-bit encryption depends on the Java update installed on each Edge Encryption proxy server host machine.

Important: Edge Encryption supports only AES 128-bit and AES 256-bit keys.

Enable AES 256-bit encryption for Java 8 update 141 (8u141) or lower

Install the Java Cryptography Extension (JCE) jurisdiction policy files by copying them into the Java home directory of each Edge Encryption proxy server host machine.

About this task

Your Java home directory includes the AES 128-bit policy files by default. To enable AES 256-bit encryption, you must overwrite the Java home directory policy files with the AES 256-bit policy files. It is only necessary to download the JCE once, but every Edge Encryption proxy server host machine must be updated.

Important: Java does not automatically allow unlimited strength keys.

Procedure

  1. Download the JCE policy 8 ZIP file from Oracle.
  2. Unzip the file.
  3. On each proxy server host machine, copy the local_policy.jar and US_export_policy.jar files into the <Java-home-directory>/jre/lib/security folder.

Result

You can now use AES 256-bit encryption on the proxy server host machine.

Enable AES 256-bit encryption for Java 8 update 151 (8u151) or higher

Edit the java.security policy file to allow the use of unlimited strength keys. Alternately, you can overwrite the Java home directory policy files with the AES 256-bit policy files, as described below for Java 8 update 141 (8u141) or lower, but editing the java.security file is simpler.

Before you begin

Role required: admin

About this task

Perform this task in the Java home directory of each Edge Encryption proxy server host machine on which you want to enable AES 256-bit encryption.

Important: Java does not automatically allow unlimited strength keys.

Procedure

  1. Navigate to <jre_home>/lib/security/java.security on the proxy server host machine, where JRE_HOME is an environment variable for both Windows and Linux.
  2. Open the java.security policy file and find the line for the crypto.policy parameter, which is commented out by default.
  3. Remove the # character from the beginning of the crypto.policy line to uncomment the line, and then save the file.

Result

You can now use AES 256-bit encryption on the proxy server host machine.
Note: If you do not uncomment the crypto.policy line, Java uses crypto.policy=limited, which restricts encryption to AES 128-bit keys.