BouncyCastle and RSA - Illegal Key Size

Question

I'm working with following Code:

@Test
public void simpleEncryptDecryptTest_shouldSucceed() throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
    String text = "ASDF-asdföjk_\n394ysf";
    String encryptedText = null;


    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    PEMReader in = new PEMReader(new FileReader("C:/Users/User/tu/vs_exc3/keys/auction-server.pem"), new PasswordFinder() {
        @Override
        public char[] getPassword() {
            return new char[] {'2', '3', '4', '5', '6'};
        }
    });

    PrivateKey privateKey = (PrivateKey)in.readObject();

    in = new PEMReader(new FileReader("C:/Users/User/tu/vs_exc3/keys/auction-server.pub.pem"));


    PublicKey publicKey = (PublicKey)in.readObject();

    Cipher decodeCipher = Cipher.getInstance("RSA/NONE/OAEPWithSHA256AndMGF1Padding");
    Cipher encodeCipher = Cipher.getInstance("RSA/NONE/OAEPWithSHA256AndMGF1Padding");
    decodeCipher.init(Cipher.DECRYPT_MODE, privateKey);
    encodeCipher.init(Cipher.ENCRYPT_MODE, publicKey);


    byte[] encrypted = encodeCipher.doFinal(text.getBytes());
    encryptedText = new String(encrypted);
    byte[] decrypted = decodeCipher.doFinal(encryptedText.getBytes());

    Assert.assertTrue(text.equals(new String(decrypted)));
}

And I get the following Exception:

    org.bouncycastle.openssl.EncryptionException: exception using cipher - please check password and data.
        at org.bouncycastle.openssl.PEMUtilities.crypt(Unknown Source)
            at org.bouncycastle.openssl.PEMReader.readKeyPair(Unknown Source)
            at org.bouncycastle.openssl.PEMReader.readObject(Unknown Source)
            at      utils.Testibert.simpleEncryptDecryptTest_shouldSucceed(Testibert.java:57)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
            at java.lang.reflect.Method.invoke(Unknown Source)
            at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:45)
            at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
            at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:42)
            at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
            at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:263)
            at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:68)
            at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:47)
            at org.junit.runners.ParentRunner$3.run(ParentRunner.java:231)
            at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:60)
            at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:229)
            at org.junit.runners.ParentRunner.access$000(ParentRunner.java:50)
            at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:222)
            at org.junit.runners.ParentRunner.run(ParentRunner.java:300)
            at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
            at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
            at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
            at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
            at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
            at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:      
    Caused by: java.security.InvalidKeyException: Illegal key size
            at javax.crypto.Cipher.a(DashoA13*..)
            at javax.crypto.Cipher.init(DashoA13*..)
            at javax.crypto.Cipher.init(DashoA13*..)
            ... 27 more

I've installed the JCE unlimited strength files in the JRE and also in my JDK directories. What could cause the exception?

Edit 1: The private key file looks like that:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,8429830AD224E4D56A21C3C680D6EA57

key...
-----END RSA PRIVATE KEY-----

possible duplicate of [InvalidKeyException Illegal key size](http://stackoverflow.com/questions/3862800/invalidkeyexception-illegal-key-size) — jtahlborn, Jan 04 '13 at 15:15
It's no duplicate because no solution of the "possible duplicates" worked ... And that's why I stated "I've installed the JCE" PLEASE read carefully before voting for closing my question. @Joachim Isaksson, it's the private key. — schlingel, Jan 04 '13 at 15:17
@schlingel If you comment out the private key reading, will it read the public key without problems? — Joachim Isaksson, Jan 04 '13 at 15:33
@Joachim Isaksson Yes, I moved the public key reading above the private key reading and the exception is still throwen at the private key part. — schlingel, Jan 04 '13 at 15:46
@schlingel Then the only way I can repeat your problem is by giving the wrong password (I suspect you triple checked that already), sorry. — Joachim Isaksson, Jan 04 '13 at 15:52
i did read. however, the JCE is already part of the jdk. did you perhaps mean that you installed the unlimited strength policy files? if so, you should say that. — jtahlborn, Jan 04 '13 at 16:29
can you verify that the unlimited strength policy was installed correctly: what is the output of `Cipher.getMaxAllowedKeyLength("AES")`? — jtahlborn, Jan 04 '13 at 16:31
I still believe that exception only occurs if you have *not* installed the Unlimited Strength Jurisdiction Policy Files. — President James K. Polk, Jan 04 '13 at 23:06
@NicholasDiPiazza did you install the unlimited strength policy files? — schlingel, Mar 29 '17 at 08:35
No. I was under the (false) assumption that we had not needed some sort of extra step as long as we were using JDK8. — Nicholas DiPiazza, Mar 29 '17 at 18:36

score 0 · Answer 1 · answered Feb 13 '20 at 16:36

This is a late answer, but I had the same issues. I was deploying a web app on Tomcat and getting the same error when decrypting a key. The Unlimited Strength Jurisdiction Policy files were installed properly. This was working and then we updated Tomcat on our server and we started to have Caused by: java.security.InvalidKeyException: Illegal key size exceptions.

It turns out the issue was with the Tomcat service. It was calling the Java jre vs the Java jre in the jdk and the jre did not have the enhanced jar files.

This stack answer may be useful in changing the version of Java tomcat is using: How to change Java version used by TOMCAT?

Although my issue was related to Tomcat, I believe this could also be an issue with running Java in any environment.

BouncyCastle and RSA - Illegal Key Size

1 Answers1