M100549: Behavior explanation: Configuring JRE 1.3.1 environments for DES encryption

Applies to 7.9.7
 
Support for encrypted FTP passwords requires DSE to be available in the Java environment. By default JRE 1.3.1 does not include JCE (Java Cryptography Extension) due to export regulations when JRE 1.3.1 was released. It's now included by default in JRE 1.4.x, and available for JRE 1.3.1 as a separate package.

FTP uploads/downloads failing when the FTP access requires encrypted passwords (ManageSoft default).

By default JRE 1.3.1 does not include JCE (Java Cryptography Extension) due to export regulations when JRE 1.3.1 was released. It's now included by default in JRE 1.4.x, and available for JRE 1.3.1 as a separate package.

There are currently two JCE implementations that I know of, one from Sun, and one from Bouncycastle.org. Both are redistributable according to their licenses however Sun's license requires total indemnification from law suites against Sun should anyone redistribute their JCE implementation. The Bouncycastle.org version is licensed under a BSD-style license.

To install the Sun implementation:

  1. Go to http://java.sun.com/products/jce/
  2. Click 'JCE for JRE 1.2.x and 1.3.x', and scroll to the bottom of the page and select 'Download JCE Software...'.  Since this goes through Sun.com's download pages rather than Java.sun.com's, (free) registration might be required to download the archive.
  3. Once you've downloaded the archive, unzip it into a directory somewhere, and copy all the files in jce1.2.2/lib to the 'ext' directory of your Java installation. i.e. :
    •    $ cp jce1.2.2/lib $JAVA_HOME/jre/lib/ext

    This installs the Java ARchive files (.jar files) into the extensions directory of the java runtime environment.

  4. Now register the JCE implementation with the JRE. To do this, open the $JAVA_HOME/jre/lib/security/java.security file in an editor and look for the following lines:

    #

    # List of providers and their preference orders (see above):

    #

    security.provider.1=sun.security.provider.Sun

    security.provider.2=com.ibm.crypto.provider.IBMJCA

    #security.provider.3=

    This defines which security providers are registered with the JRE (the above is from an IBM 1.3.1 JRE, hence the IBMJCA line. 

  5. Add the following classname to the end of the list, appropriately incrementing the provider number.

    security.provider.3=com.sun.crypto.provider.SunJCE

If you choose to use the Bouncycastle implementation:

  1.  Download the following file: http://www.bouncycastle.org/download/jce-jdk13-120.jar .
  2. Copy it to the extension directory as noted above, and register the following class as the provider (as described above):

    security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProvider

Both implementations have been tested with ManageSoft.  The choice of which one to use is open to the ManageSoft implementer/customer.

Additional Information

This article is relevant to all Linux versions of ManageSoft for managed devices.

For more details, refer to the "Configuring ManageSoft to use encrypted FTP passwords" section of the Introduction to ManageSoft Linux support documentation.

Comments

Powered by Zendesk