In Windchill 11.x, PTC recommends changing Java encryption key length to unlimited.  Their directions found in the help system are little more than an overview deployment procedure written at the time Oracle released the unlimited strength encryption files.  The description ends with [I'm paraphrasing] 'PTC does not support deploying this functionality and you are on your own for deploying it'.


The initial instructions are difficult to follow.  Fortunately, Oracle has been working on the deployment mechanism and Java 1.8 u151 now ships with both limited and unlimited strength encryption files.  This greatly simplifies PTC's deployment instructions for the more recent Windchill releases and maintenance patches.  The instructions are now simplified to:


1. Set the key length property

xconfmanager -s wt.intersvrcom.siteSecurity.encryptionKey.keyLength=256 -t codebase/wt.properties -p


2. Clear cache and restart Windchill.


Once Windchill is running again, how do we know it is enabled?  If these two commands return "true" from a Windchill shell, then unlimited strength encryption is enabled.


jrunscript -e "print (javax.crypto.Cipher.getMaxAllowedKeyLength('AES') >= 256)"
jrunscript -e "print (javax.crypto.Cipher.getMaxAllowedKeyLength('RC5') >= 256)"