 | Work in progress This site is in the process of being reviewed and updated. |
Introduction
Due to export control restrictions, JDK 5.0 environments do not ship with support for AES-256 enabled. Kerberos uses AES-256 in the 'aes256-cts-hmac-sha1-96' encryption type. To enable AES-256, you must download "unlimited strength" policy JAR files for your JRE. Policy JAR files are signed by the JRE vendor so you must download policy JAR files for Sun, IBM, etc. separately. Also, policy files may be different for each platform, such as i386, Solaris, or HP.
Installation
- Download the unlimited strength policy JAR files.
Vendor Link Details IBM IBM Security information 
Scroll down to "IBM SDK Policy files." The same files are used for the Version 1.4 and Version 5 SDKs. Sun Java SE Downloads - Previous Release - JDK 5 Scroll down to "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0" under "Other Downloads" - Extract the unlimited strength policy JAR files.
File Description local_policy.jar Unlimited strength local policy file US_export_policy.jar Unlimited strength US export policy file - Install the unlimited strength policy JAR files by copying them to the standard location. <jre-home> refers to the directory where the J2SE Runtime Environment (JRE) was installed. Adjust pathname separators for your environment.
Standard Location Platform <jre-home>/lib/security Solaris <jre-home>\lib\security Win32 - Optionally, create subfolders in <jre-home>/lib/security, named, for example, "limited" and "unlimited" so you can switch between policy files easily, by copying the policy JAR files from one of the subfolders to the <jre-home>/lib/security directory.