Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Enable AES 256-bit encryption

Log in to subscribe to topics and get notified when content changes.

Enable AES 256-bit encryption

256-bit encryption is more secure than 128-bit encryption, and you can optionally configure AES 256-bit encryption on the Edge Encryption proxy server host. How you enable AES 256-bit encryption depends on the Java update installed on each proxy server host.

Edge Encryption supports only AES 128-bit and AES 256-bit keys.

Note: Java does not automatically allow unlimited strength keys. You must specifically enable the use of AES 256-bit encryption.

Enable AES 256-bit encryption for Java 8 update 141 (8u141) or earlier

Copy the Java Cryptography Extension (JCE) jurisdiction policy files to the Java home directory of each Edge Encryption proxy server host to enable AES 256-bit encryption for Java update 141 or earlier. 256-bit keys provide greater security than 128-bit keys.

Before you begin

Role required: admin

About this task

Your Java home directory includes the AES 128-bit policy files by default. To enable AES 256-bit encryption, you must overwrite the Java home directory policy files with the AES 256-bit policy files. You only need to download the JCE once, but you must update every Edge Encryption proxy server host.
Note: Java does not automatically allow unlimited strength keys. You must specifically enable the use of AES 256-bit encryption.

Procedure

  1. Download the JCE policy 8 ZIP file from Oracle.
  2. Unzip the file.
  3. On each proxy server host, copy the local_policy.jar and US_export_policy.jar files into the <Java-home-directory>/jre/lib/security folder.

Enable AES 256-bit encryption for Java 8 update 151 (8u151) or later

Edit the java.security policy file to enable AES 256-bit encryption for Java update 151 or later. 256-bit keys provide greater security than 128-bit keys.

Before you begin

Role required: admin

About this task

Perform this task in the Java home directory of each Edge Encryption proxy server host on which you want to enable AES 256-bit encryption.
Note: Java does not automatically allow unlimited strength keys. You must specifically enable the use of AES 256-bit encryption.

Procedure

  1. Navigate to <jre_home>/lib/security/java.security on the proxy server host, where JRE_HOME is an environment variable for both Microsoft Windows and Linux.
  2. Open the java.security policy file and find the line for the crypto.policy parameter, which is commented out by default.
  3. Remove the # character from the beginning of the crypto.policy line to uncomment the line, and then save the file.
    Note: If you do not uncomment the crypto.policy line, Java uses crypto.policy=limited, which restricts encryption to AES 128-bit keys.
Feedback