Stronger Crypto for Your Passwords in JMC

If you would like to use a stronger PBE cipher than triple DES & SHA-1 for storing passwords in JMC, this is how to go about it:

    1. Download a crypto provider containing the cipher you want, for example the latest provider jar from Bouncy Castle (at the time of writing, this was bcprov-jdk15on-150.jar).
    2. Copy the jar to JAVA_HOME/jre/lib/ext
    3. Edit your JAVA_HOME/jre/lib/security/java.security file to include the Bouncy Castle provider. Look for the security.provider entries and add a new entry:

      security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider

      where N is the number of the last entry plus one, for example:

      security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider

    4. For access to the strongest ciphers, download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JDK version (this one for example), and unpack the two jar files into JAVA_HOME/jre/lib/security/.
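
To confirm that steps 1 to 4 took effect before opening the preferences, a small check can be run with the same JDK. This is an added example, not part of the original post or of JMC; the class name CheckPbeProviders is made up, and the list it prints is the set of PBE Cipher services the JVM exposes, which is assumed (not confirmed by the post) to correspond to what the JMC preference page offers.

```java
import java.security.Provider;
import java.security.Security;
import java.util.TreeSet;
import javax.crypto.Cipher;

// Added example: verifies provider registration and crypto policy for this JDK.
public class CheckPbeProviders {
    public static void main(String[] args) throws Exception {
        // Bouncy Castle registers itself under the provider name "BC".
        Provider bc = Security.getProvider("BC");
        System.out.println("Bouncy Castle registered: "
                + (bc != null ? bc.getInfo() : "NO (check java.security and lib/ext)"));

        // Show the effective provider order, mirroring the security.provider.N entries.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("security.provider." + (i + 1) + " = " + providers[i].getName());
        }

        // Integer.MAX_VALUE means the unlimited strength policy files are active;
        // 128 means the limited policy is still in effect (step 4 not applied).
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max allowed AES key length: "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));

        // List the password-based (PBE) ciphers each provider offers, sorted by name.
        for (Provider p : providers) {
            TreeSet<String> pbe = new TreeSet<String>();
            for (Provider.Service s : p.getServices()) {
                boolean isCipher = "Cipher".equals(s.getType());
                boolean isPbe = s.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3);
                if (isCipher && isPbe) {
                    pbe.add(s.getAlgorithm());
                }
            }
            if (!pbe.isEmpty()) {
                System.out.println(p.getName() + " PBE ciphers: " + pbe);
            }
        }
    }
}
```

Compile and run it with the JAVA_HOME that JMC uses; if "BC" is missing or the AES limit is 128, recheck the java.security entry and the policy jars.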

Finally, you need to select which cipher to use in the preferences (Window | Preferences, click Java Mission Control). Before adding Bouncy Castle, you should have had something like this:

[Image: security_prefs]

After adding Bouncy Castle, you should see something like this:

[Image: bouncy]

Good luck!
