java.security.InvalidKeyException: Illegal key size

Question

When I run this code in Android it produces no errors, but when I run it in a standard Java program it produces the exception: java.security.InvalidKeyException: Illegal key size.

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec keySpec = new SecretKeySpec(CHUNK_ENCRYPTION_KEY.getBytes(), 0, 32, "AES");
IvParameterSpec initVector = new IvParameterSpec(AES_INITIALIZATION_VECTOR.getBytes(), 0 , 16);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, initVector);

CHUNK_ENCRYPTION_KEY is a 32 byte key hard-coded into the program. AES_INITIALIZATION_VECTOR is a 16 byte hard-coded initialization vector.

Does anyone know why it would work on Android and not on a Desktop?

Possible duplicate of [InvalidKeyException Illegal key size](http://stackoverflow.com/questions/3862800/invalidkeyexception-illegal-key-size) — Mark Rotteveel, Mar 21 '16 at 10:33

score 24 · Answer 1 · edited May 15 '16 at 16:10

On a default desktop JVM installation (using the JRE or JDK from Sun/Oracle), AES is limited to 128-bit key size. This is a remnant of import/export laws on cryptographic software. To unlock the larger AES key sizes, you need to download and apply the "JCE Unlimited Strength Jurisdiction Policy Files" (see at the bottom of this page).

The key size restriction is enforced by the code within the Cipher class. Changing cryptographic providers (e.g. to one of the Bouncy Castle or IAIK providers) won't let you circumvent this restriction.

On an unrelated note, you do not want to use the raw getBytes() method on a String, because the result depends on the current locale (not everyone uses UTF-8 or even ASCII-compatible encodings). If you do want to represent your key as a literal string, at least use an explicit encoding, such as: CHUNK_ENCRYPTION_KEY.getBytes("UTF-8")

score 1 · Answer 2 · answered Sep 20 '13 at 17:34

1

It's not stated clearly in README that "JCE Unlimited Strength Jurisdiction Policy Files" should be copied to jre inside your JDK, otherwise it would not work. Path for files should be: /path/to/jdk1.7.0_xx/jre/lib/security

answered Sep 20 '13 at 17:34

ruruskyi

2,018
2
26
37

score -1 · Answer 3 · answered Aug 01 '11 at 15:31

-1

Maybe your supplied KEY and Initialization Vector don't have 32 bytes, respectively 16 bytes length. You can also try to use the constructors that don't take the parameters the offset and length of the keys:

   SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
   IvParameterSpec ivSpec = new IvParameterSpec(iv);

answered Aug 01 '11 at 15:31

Ovidiu Latcu

71,607
15
76
84

I checked the byte lengths when I convert them to byte arrays, and if I don't do the offset and length, it produces the same exception. – Hank Aug 01 '11 at 15:39
are you converting a Hex String to bytes? – Ovidiu Latcu Aug 01 '11 at 15:41
yeah, my whole key string is consisted of 32 unicode characters. – Hank Aug 01 '11 at 16:12
I even tried changing it to a byte array, and it still doesn't work – Hank Aug 01 '11 at 19:34

java.security.InvalidKeyException: Illegal key size

3 Answers3

Linked

Related