Java Security: illegal key size or default parameter?

I asked a question earlier, but it didn't help, as I didn't get the right answer.

So I have clarified some details about the problem, and I really want to hear from you about how to solve it or what I should try.

I installed Java 1.6.0.12 on the Linux server, and the following code runs perfectly.

import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;   // assumed: Hex.decodeHex(char[]) is the commons-codec one

// data is the hex-encoded RC4 ciphertext; CryptoException is the application's own wrapper.
String decode(String data) throws Exception {
    String key = "av45k1pfb024xa3bl359vsb4esortvks74sksr5oy4s5serondry84jsrryuhsr5ys49y5seri5shrdliheuirdygliurguiy5ru";
    try {
        Cipher c = Cipher.getInstance("ARCFOUR");

        // 100 ASCII bytes = an 800-bit key; the limited policy allows at most 128 bits for RC4
        SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "ARCFOUR");
        c.init(Cipher.DECRYPT_MODE, secretKeySpec);

        return new String(c.doFinal(Hex.decodeHex(data.toCharArray())), "UTF-8");

    } catch (InvalidKeyException e) {
        throw new CryptoException(e);
    }
}

Today I installed Java 1.6.0.26 on a server, and the following exception occurred when I tried to run the application. My guess is that it's related to the Java installation configuration, because it works with the first version but not with the later one.

Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
    at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
    at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
    at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
    at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
    at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
    at my.package.Something.decode(RC4Decoder.java:25) ~[my.package.jar:na]
    ... 5 common frames omitted

Line 25: c.init(Cipher.DECRYPT_MODE, secretKeySpec);

Notes:
* The java.security file in the Java directory of the 1.6.0.12 server almost matches the 1.6.0.26 java.security file. There are no extra providers in the first.
* The previous question is here.

Answer #1

For Java 7, the download link is jce-7-download.

Copy the two downloaded jars to Java\jdk1.7.0_10\jre\lib\security.
Back up the older jars to be safe.

For Java 8, the download link is jce-8-download.
Copy the downloaded jars to Java\jdk1.8.0_45\jre\lib\security.
Back up the older jars to be safe.

Answer #2

The JRE/JDK/Java 8 jurisdiction files can be found in the following location:

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download

As James said above:
Install the files in ${java.home}/jre/lib/security/.

Answer #3

The problem is that, with a default JRE install, the contents of the default_local.policy file inside local_policy.jar in the folder jre\lib\security are:

// Some countries have import limits on crypto strength. This policy file
// is worldwide importable.

grant {
    permission javax.crypto.CryptoPermission "DES", 64;
    permission javax.crypto.CryptoPermission "DESede", *;
    permission javax.crypto.CryptoPermission "RC2", 128,
                                     "javax.crypto.spec.RC2ParameterSpec", 128;
    permission javax.crypto.CryptoPermission "RC4", 128;
    permission javax.crypto.CryptoPermission "RC5", 128,
          "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
    permission javax.crypto.CryptoPermission "RSA", *;
    permission javax.crypto.CryptoPermission *, 128;
};

If you don't need a worldwide-importable setting, just edit the file and change its content to

// Country-specific policy file for countries with no limits on crypto strength.
grant {
    // There is no restriction to any algorithms.
    permission javax.crypto.CryptoAllPermission;
};

This is what you get if you download the JCE from Oracle.

Answer #4

In Java, AES supports a 128-bit key by default. If you plan to use a 192-bit or 256-bit key, the Java compiler will throw an illegal key size exception, and you will get this exception.

According to Victor & James, you need to download the JCE (Java Cryptography Extension) matching your JRE version (Java 6, Java 7 or Java 8).

The JCE compressed file contains the following jars:

  1. local_policy.jar
  2. US_export_policy.jar

You need to replace these jars in <java_home>/jre/lib/security. If you are using a Unix system, you may refer to /home/urs/usr/lib/jvm/java-<version>-oracle/

Sometimes replacing only local_policy.jar and US_export_policy.jar in the security folder does not work on Unix, so I suggest copying the security folder to your desktop first, replacing the jars in the Desktop/security folder, removing the security folder from /jre/lib/ and moving the desktop security folder into /jre/lib/.

For example: sudo mv security /usr/lib/jvm/java-7-oracle/jre/lib
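Whichever route you take (replacing the policy jars as in answers #1, #2 and #4, or editing the policy file as in answer #3), the check a practitioner wants afterwards is to ask the JVM itself what limit it now enforces. The following is an added diagnostic, not code from the question or any of the answers. It uses the standard `javax.crypto.Cipher.getMaxAllowedKeyLength` API, which returns `Integer.MAX_VALUE` once the unlimited policy (`CryptoAllPermission`) is in effect, and compares the question's own 100-character RC4 key against the limit for ARCFOUR. The algorithm list is my own choice.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;

/** Reports the per-algorithm key-length limit imposed by the installed jurisdiction policy. */
public class JcePolicyCheck {

    // Algorithms from the question (ARCFOUR/RC4) and the answers (AES); RSA is listed
    // because the limited policy shown in answer #3 already grants it "*" (no limit).
    private static final List<String> ALGORITHMS = Arrays.asList("AES", "ARCFOUR", "RSA");

    /** True when the policy imposes no limit for this algorithm. */
    static boolean isUnlimited(String algorithm) throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength(algorithm) == Integer.MAX_VALUE;
    }

    /** True when a key of keyBits would be rejected with "Illegal key size" under the current policy. */
    static boolean exceedsPolicy(String algorithm, int keyBits) throws NoSuchAlgorithmException {
        return keyBits > Cipher.getMaxAllowedKeyLength(algorithm);
    }

    public static void main(String[] args) throws Exception {
        for (String alg : ALGORITHMS) {
            int max = Cipher.getMaxAllowedKeyLength(alg);
            System.out.printf("%-8s max key length: %s%n", alg,
                    isUnlimited(alg) ? "unlimited" : max + " bits");
        }

        // The key from the question: 100 ASCII characters, so 100 bytes when UTF-8 encoded.
        // The limited policy caps RC4 at 128 bits, which is why Cipher.init() threw.
        String questionKey = "av45k1pfb024xa3bl359vsb4esortvks74sksr5oy4s5serondry84jsrryuhsr5ys49y5seri5shrdliheuirdygliurguiy5ru";
        int rc4KeyBits = questionKey.getBytes("UTF-8").length * 8;
        System.out.println("Question's RC4 key is " + rc4KeyBits + " bits; exceeds policy: "
                + exceedsPolicy("ARCFOUR", rc4KeyBits));
    }
}
```

Run it once before and once after swapping the jars: on the limited policy the first two lines report 128 bits and the last line prints `true`; after the unlimited policy is installed they report `unlimited` and `false`. On JDK 8u161 and later, and on JDK 9 and later, the unlimited policy is already the default and is selected by the `crypto.policy` property in `java.security`, so this check is also the quickest way to tell whether a given installation needs the jars at all.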

Answer #5

By default, Java only supports AES with a 128-bit (16-byte) key size for encryption. If you don't need more than the default support, you can trim the key to the appropriate size before using Cipher. For the default supported key sizes, see the javadoc.

This is an example of generating a key that can be used on any JVM version without modifying the policy file. Use at your discretion.

This relates to the AgileBits blog post on whether a key size of 128 versus 256 bits matters.

import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

// Groovy: 'final'/'def' without a type are Groovy declarations, not Java.
SecretKeySpec getKey() {
    final pass = "47e7717f0f37ee72cb226278279aebef".getBytes("UTF-8");
    final sha = MessageDigest.getInstance("SHA-256");

    def key = sha.digest(pass);
    // use only the first 128 bits (16 bytes). By default Java only supports AES 128-bit key sizes for encryption.
    // Updated JVM policies are required for 256 bit.
    key = Arrays.copyOf(key, 16);
    return new SecretKeySpec(key, "AES");   // the algorithm name must be a String
}

Tags: Java jvm Oracle Unix

Posted on Sat, 08 Feb 2020 08:59:42 -0500 by IronCannibal