The cipher 'aes256-cbc' is required, but it is not available

Question

I am trying to do an SFTP using JSch, but I encountered some error:

com.jcraft.jsch.JSchException: The cipher 'aes256-cbc' is required, but it is not available.

Below is the code I used. Is there anything I missed out?

JSch jsch = new JSch();
Session session = null;

jsch.addIdentity("C:\\privatekey.ppk", "Password");

session = jsch.getSession("user", "54.251.240.234", 22);
session.setConfig("StrictHostKeyChecking", "no");


Channel channel = session.openChannel("sftp");
channel.connect();
ChannelSftp sftpChannel = (ChannelSftp) channel;
sftpChannel.put("C:\\Users\\test.txt", "/home/user/test.txt");
sftpChannel.exit();
session.disconnect();

Stacktrace

[8/30/13 1:56:26:556 SGT] 00000021 SystemErr     R com.jcraft.jsch.JSchException: The cipher 'aes256-cbc' is required, but it is not available.
[8/30/13 1:56:26:557 SGT] 00000021 SystemErr     R  at com.jcraft.jsch.KeyPair.loadPPK(KeyPair.java:1017)
[8/30/13 1:56:26:557 SGT] 00000021 SystemErr     R  at com.jcraft.jsch.KeyPair.load(KeyPair.java:590)
[8/30/13 1:56:26:557 SGT] 00000021 SystemErr     R  at com.jcraft.jsch.KeyPair.load(KeyPair.java:542)
[8/30/13 1:56:26:557 SGT] 00000021 SystemErr     R  at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:40)
[8/30/13 1:56:26:558 SGT] 00000021 SystemErr     R  at com.jcraft.jsch.JSch.addIdentity(JSch.java:389)
[8/30/13 1:56:26:558 SGT] 00000021 SystemErr     R  at com.jcraft.jsch.JSch.addIdentity(JSch.java:370)
[8/30/13 1:56:26:558 SGT] 00000021 SystemErr     R  at com.belsize.sb.SB_UtilityBean.runExternalProgram_Windows(SB_UtilityBean.java:1134)
[8/30/13 1:56:26:558 SGT] 00000021 SystemErr     R  at com.belsize.sb.EJSLocal0SLSB_Utility_861cc9f0.runExternalProgram_Windows(EJSLocal0SLSB_Utility_861cc9f0.java)
[8/30/13 1:56:26:558 SGT] 00000021 SystemErr     R  at com.belsize.sb.SB_IntegrationBean.getFTP_Status(SB_IntegrationBean.java:2175)
[8/30/13 1:56:26:559 SGT] 00000021 SystemErr     R  at com.belsize.sb.EJSLocal0SLSB_Integration_13682180.getFTP_Status(EJSLocal0SLSB_Integration_13682180.java)
[8/30/13 1:56:26:559 SGT] 00000021 SystemErr     R  at pagecode.module.user_permission.W_useraccount.getFTP_Status(W_useraccount.java:992)
[8/30/13 1:56:26:559 SGT] 00000021 SystemErr     R  at pagecode.module.user_permission.Up1006.doUp1006_commandlink_testftpAction(Up1006.java:711)
[8/30/13 1:56:26:559 SGT] 00000021 SystemErr     R  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[8/30/13 1:56:26:560 SGT] 00000021 SystemErr     R  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
[8/30/13 1:56:26:560 SGT] 00000021 SystemErr     R  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
[8/30/13 1:56:26:560 SGT] 00000021 SystemErr     R  at java.lang.reflect.Method.invoke(Method.java:611)
[8/30/13 1:56:26:560 SGT] 00000021 SystemErr     R  at org.apache.el.parser.AstValue.invoke(AstValue.java:268)
[8/30/13 1:56:26:560 SGT] 00000021 SystemErr     R  at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:278)
[8/30/13 1:56:26:561 SGT] 00000021 SystemErr     R  at org.apache.myfaces.view.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:83)
[8/30/13 1:56:26:561 SGT] 00000021 SystemErr     R  at javax.faces.component._MethodExpressionToMethodBinding.invoke(_MethodExpressionToMethodBinding.java:88)
[8/30/13 1:56:26:561 SGT] 00000021 SystemErr     R  at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:100)
[8/30/13 1:56:26:561 SGT] 00000021 SystemErr     R  at javax.faces.component.UICommand.broadcast(UICommand.java:120)
[8/30/13 1:56:26:561 SGT] 00000021 SystemErr     R  at javax.faces.component.UIViewRoot._broadcastAll(UIViewRoot.java:973)
[8/30/13 1:56:26:562 SGT] 00000021 SystemErr     R  at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:275)
[8/30/13 1:56:26:562 SGT] 00000021 SystemErr     R  at javax.faces.component.UIViewRoot._process(UIViewRoot.java:1285)
[8/30/13 1:56:26:562 SGT] 00000021 SystemErr     R  at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:711)
[8/30/13 1:56:26:562 SGT] 00000021 SystemErr     R  at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:34)
[8/30/13 1:56:26:562 SGT] 00000021 SystemErr     R  at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:171)
[8/30/13 1:56:26:563 SGT] 00000021 SystemErr     R  at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
[8/30/13 1:56:26:563 SGT] 00000021 SystemErr     R  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:189)
[8/30/13 1:56:26:563 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1225)
[8/30/13 1:56:26:563 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:775)
[8/30/13 1:56:26:564 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:457)
[8/30/13 1:56:26:564 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
[8/30/13 1:56:26:564 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:136)
[8/30/13 1:56:26:564 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:97)
[8/30/13 1:56:26:564 SGT] 00000021 SystemErr     R  at org.primefaces.webapp.filter.FileUploadFilter.doFilter(FileUploadFilter.java:77)
[8/30/13 1:56:26:564 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
[8/30/13 1:56:26:565 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
[8/30/13 1:56:26:565 SGT] 00000021 SystemErr     R  at com.belsize.servlet.filter.RedirectLogin.doFilter(RedirectLogin.java:177)
[8/30/13 1:56:26:565 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
[8/30/13 1:56:26:565 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
[8/30/13 1:56:26:565 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:928)
[8/30/13 1:56:26:565 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1025)
[8/30/13 1:56:26:566 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)
[8/30/13 1:56:26:566 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:908)
[8/30/13 1:56:26:566 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)
[8/30/13 1:56:26:566 SGT] 00000021 SystemErr     R  at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195)
[8/30/13 1:56:26:566 SGT] 00000021 SystemErr     R  at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:453)
[8/30/13 1:56:26:566 SGT] 00000021 SystemErr     R  at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:515)
[8/30/13 1:56:26:567 SGT] 00000021 SystemErr     R  at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:306)
[8/30/13 1:56:26:567 SGT] 00000021 SystemErr     R  at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
[8/30/13 1:56:26:567 SGT] 00000021 SystemErr     R  at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:166)
[8/30/13 1:56:26:567 SGT] 00000021 SystemErr     R  at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
[8/30/13 1:56:26:567 SGT] 00000021 SystemErr     R  at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
[8/30/13 1:56:26:568 SGT] 00000021 SystemErr     R  at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
[8/30/13 1:56:26:568 SGT] 00000021 SystemErr     R  at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
[8/30/13 1:56:26:568 SGT] 00000021 SystemErr     R  at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
[8/30/13 1:56:26:568 SGT] 00000021 SystemErr     R  at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
[8/30/13 1:56:26:568 SGT] 00000021 SystemErr     R  at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1691)

score 86 · Answer 1 · answered Dec 19 '14 at 14:23

86

This error also appear when your private key is in putty format and not in open ssh format.

You can convert the key with the tool puttygen to an open ssh format private key.

This solves the Problem for me. Replaceing the Java files was not necessary in my case with netbeans 8.0.2 and Java 8_25.

answered Dec 19 '14 at 14:23

Christoph

869
6
2

24

PuTTY Key Generator: 1) Load an existing private key file. 2) Conversions: Export OpenSSH Key – Matthew Mar 16 '16 at 19:49

score 55 · Answer 2 · edited Feb 14 '20 at 06:49

55

By default, JCE policies -which come with your JDK or JRE- don't support such techniques for ciphering like (ase-256,.. etc).

For sure you MUST replace your current JCE jars (exist on $JAVA_HOME/jre/lib/security) with compatible Jave version you have from oracle website.

Download links:

For JDK 1.6: https://www.oracle.com/java/technologies/jce-6-download.html

For JDK 1.7: https://www.oracle.com/java/technologies/javase-jce7-downloads.html

For JDK 1.8: https://www.oracle.com/java/technologies/javase-jce8-downloads.html

This will fix the problem.

edited Feb 14 '20 at 06:49

Martin Prikryl

188,800
56
490
992

answered Nov 19 '13 at 12:55

Mahran ALSHIEKH

771
6
9

7

Wow. Did not know Java is shipped with crippled encryption. – Jürgen Hörmann Oct 16 '14 at 11:13
It will not work for me. I tuse ant.scp in gradle in Android studio with "sshAntTask 'org.apache.ant:ant-jsch:1.9.6" dependancy. Am i missing something? – Nabdreas Sep 07 '15 at 15:54
Very good. In my $JAVA_HOME/jre/lib/security folder there was already this two libs for the jce, but I realized that my new Eclipse-Neon used it's own JRE. So you have two options, change the JRE in the Preferences in Eclipse or copy also inside the Eclipse JRE security folder the two libs. – Brain Mar 11 '16 at 14:08
@JürgenHörmann this is only related to legal issues (nothing of technical, if you consider you can solve with an additional official download). In short: in several countries import control restrictions (related to cryptographic functions) are present and Oracle have to comply with the basic JRE distribution – Pierpaolo Cira Sep 08 '16 at 10:09
Last Java 8 JDK (118) does not have this problem. I crossed it using Egit (Git in Eclipse) with a GitLab repository. So I simply updated the JDK, this was on Windows 7-64. – JacquesLeRoux Nov 25 '16 at 09:02
For JetBrains programs on Windows put the v1.8 files into the `jre64\lib\security` directory of the program you are using (ex: for PHPStorm it might be `C:\Program Files\JetBrains\PhpStorm 2017.3.2\jre64\lib\security`) – omikes Mar 30 '18 at 22:00

score 5 · Answer 3 · answered Aug 26 '13 at 14:56

5

You need to add to Your JRE - java unlimited strength policy, eg.: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html Please replace local_policy and us_export_policy on the server's JRE path (\lib\security) Other version of JCE policies can be found on oracle web pages.

answered Aug 26 '13 at 14:56

Maciej Czarnecki

158
2
10

Hi, my java version "1.6.0_23" Java(TM) SE Runtime Environment (build 1.6.0_23-b05). In Jsch, it mention with J2SE 1.4.0 or later, there is no need for additional library – bittersour Aug 29 '13 at 07:33
1

Yes, you have JCE - no doubt on that, but believe me, i was struggling with the same thing. Default local_policy.jar and US_export_policy.jar on JRE path, prevents from using the key You size You mentioned. You have to download JCE unlimited strength jurisdiction library, next please replace old libraries with those which I suggested earlier. – Maciej Czarnecki Aug 30 '13 at 11:46
Also, please look at:http://www.jcraft.com/jsch/README, it says that "And then, J2SE 1.4.2(or later) does not support aes256 by the default " and "We have confirmed that by applying "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files [...] we can enjoy 'aes256-cbc,aes256-ctr'. – Maciej Czarnecki Aug 30 '13 at 14:11

The cipher 'aes256-cbc' is required, but it is not available

3 Answers3

Linked

Related