If you are handling encrypted files with MFT, the encryption algorithms and the strength of the public keys (key sizes) are critical components that require attention from a security standpoint. Algorithms such as RSA, DSA, etc., and keys with lengths greater than 2048 bits are usually considered secure.
MFT 12c provides command-line tools to generate a PGP key pair; however, as per the Oracle MFT documentation:
“Our PGP generation tool is basic and intended for development. For production, you should generate PGP key pairs externally using some other tools and import them in MFT. By default, the PGP Generator of MFT uses the Bouncy Castle API with hard-coded parameters, i.e. 1024 Bytes, Expiry Date as Unlimited. The MFT PGP Generator has very limited functionality.”
So if you are using PGP keys generated by an external tool with key sizes of 2048/4096 bits, there is a likelihood that your MFT transfer (decryption pre-processing action) has failed with the exception below:
| Cause | Encryption algorithm or key length is restricted. |
| --- | --- |
| Action | Make sure algorithms and key used is not restricted under java security policy. |
| Error Description | MFTException [threadName=JCA-work-instance:JMSAdapter-7, errorID=3e8d5a86-a2db-4a80-b548-00c0edb4a37c, errorDesc=MFT-4223_Encryption algorithm or key length is restricted under the java policy., cause=Illegal key size or default parameters |
To get rid of this exception, follow the steps below:
- Download the "Unlimited" jars "local_policy.jar" and "us_export_policy.jar" from the Oracle website, specific to your JDK version. Example: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
- Make a backup of the "limited versions" in $JAVA_HOME/jre/lib/security/
- Replace the limited jars with the unlimited jars.
- Restart the managed servers and retry your MFT transfer.
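
To confirm that the replaced policy jars are the ones actually in effect, you can query the JCE limits from the same JDK the managed servers run on. The class below is an added example, not code from Oracle MFT or its documentation; the class name `JcePolicyCheck` is hypothetical, and it uses only standard `javax.crypto` calls.

```java
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (not Oracle MFT code): reports the JCE policy limits of the
// JVM it runs in and reproduces the "Illegal key size" failure if still restricted.
public class JcePolicyCheck {

    // Maximum key length in bits allowed by the installed policy files.
    // Integer.MAX_VALUE means the unlimited-strength policy is in effect.
    static int maxKeyBits(String algorithm) throws GeneralSecurityException {
        return Cipher.getMaxAllowedKeyLength(algorithm);
    }

    // Tries to initialise an AES cipher with a 256-bit key. Under the limited
    // policy, init() throws InvalidKeyException ("Illegal key size ...").
    static String tryAes256() {
        try {
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            // All-zero key: used only to exercise the policy check, never to encrypt data.
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[32], "AES"));
            return "OK";
        } catch (GeneralSecurityException e) {
            return "FAILED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // java.home shows which JDK was checked; it must match the one used by the servers.
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("java.version = " + System.getProperty("java.version"));

        boolean unrestricted = true;
        for (String alg : new String[] {"AES", "RSA"}) {
            int bits = maxKeyBits(alg);
            boolean unlimited = (bits == Integer.MAX_VALUE);
            unrestricted &= unlimited;
            System.out.println(alg + " max key bits = " + (unlimited ? "unlimited" : String.valueOf(bits)));
        }
        System.out.println("AES-256 init = " + tryAes256());

        // Non-zero exit code lets a deployment script fail fast on a restricted JVM.
        System.exit(unrestricted ? 0 : 1);
    }
}
```

Compile and run it with the `javac` and `java` binaries under the same `$JAVA_HOME` whose `jre/lib/security/` directory you modified, before and after the replacement, so the printed `java.home` confirms you patched the JDK the servers use.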