Some thoughts on the JCE

I was recently working with protecting some sensitive data in a typical Java application with a database underneath. We convert the data on its way out of the application using Spring Security Crypto Utilities . It "was decided" that we'd be doing AES with a key-length of 256 , and this just happens to be the kind of encryption Spring crypto does out of the box. Sweet!The big aber is that whatever JRE is running the application has to be patched with Oracle's JCE in order to do 256 bits. It's a fascinating story , the short version being that U.S. companies are restricted from exporting various encryption algorithms to certain countries, and some countries are restricted from importing them.Once I had patched my JRE with the JCE, I found it fascinating how straight forward it was to encrypt and decrypt using the Spring Encryptors. So just for fun at the weekend, I threw together a little desktop app that will encrypt and decrypt stuff for the given password and salt. It's called encryptomania . Note that in order to run it you'll need the JCE (for now, see below).So at one level, Spring crypto has a problem in that they force all users of the library to patch their JRE. This makes it pretty much impossible to deploy in an environment where you don't have complete control of the environment (computers w/o root or admin-access, and PaaS). So it would be cool if they would support 128 bit key-length, and I've started a patch to fix just that The other problem here is that Oracle doesn't just build the JCE into all the JREs. I mean, a malevolent programmer won't have any problems downloading the JCE into a country where it is not allowed, so it's more of a formal thing. And still if they would change the default here, it would take years for the change to propagate into all the data-centres around the world. I think we're better off betting on some other kind of encryption (maybe a 128 bit Twofish cipher out of Bouncy Castle ) to become more trusted than the one provided by Oracle.At the same time it is all a bit silly for your average non-critical webapp, as 128 bit AES is considered to be practically impossible to break in the foreseeable future.