11

The code belows is throwing this error message:

Exception in thread "main" java.security.InvalidKeyException: Illegal key size or default parameters

Cipher dcipher;

byte[] salt = new String("12345678").getBytes();
int iterationCount = 1024;
int keyStrength = 256;
SecretKey key;
byte[] iv;

Decrypter(String passPhrase) throws Exception {
    SecretKeyFactory factory = SecretKeyFactory
            .getInstance("PBKDF2WithHmacSHA1");
    System.out.println("factory +" + factory);
    KeySpec spec = new PBEKeySpec(passPhrase.toCharArray(), salt,
            iterationCount, keyStrength);
    System.out.println("spec  " + spec);
    SecretKey tmp = factory.generateSecret(spec);
    System.out.println();
    key = new SecretKeySpec(tmp.getEncoded(), "AES");
    dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
}

public String encrypt(String data) throws Exception {
    dcipher.init(Cipher.ENCRYPT_MODE, key);
    AlgorithmParameters params = dcipher.getParameters();
    iv = params.getParameterSpec(IvParameterSpec.class).getIV();
    byte[] utf8EncryptedData = dcipher.doFinal(data.getBytes());
    String base64EncryptedData = new sun.misc.BASE64Encoder()
            .encodeBuffer(utf8EncryptedData);

    System.out.println("IV "
            + new sun.misc.BASE64Encoder().encodeBuffer(iv));
    System.out.println("Encrypted Data " + base64EncryptedData);
    return base64EncryptedData;

Does anybody know why I get that error?

jmj
  • 237,923
  • 42
  • 401
  • 438
user2968404
  • 123
  • 1
  • 3
  • 7
  • In which line is the exception being thrown? please mark – LuigiEdlCarno Nov 08 '13 at 10:09
  • 2
    Do you have the `Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File` installed? 256-bit AES (From the Java crypto package) cannot be used unless that file is installed onto your computer. – initramfs Nov 08 '13 at 10:09
  • For this problem I had to download `Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8` – EpicPandaForce Nov 04 '14 at 10:21

5 Answers5

24

Probably you did not install the JCE Policy file yet.

Download this file:

And Install the file in ${java.home}/jre/lib/security/.

${java.home} refers to your installation directory of Java

for mac:

  • open finder
  • press command + shift + g
  • type /Library/Java/JavaVirtualMachines
  • navigate to your version of JDK
  • then Contents/Home/jre/lib/security
  • unzip the downloaded file and place all files inside here

for CLI 

unzip downloaded_policy_file.zip  -d /Library/Java/JavaVirtualMachines/<JDK_VERSION>/Contents/Home/jre/lib/security/

mv /Library/Java/JavaVirtualMachines/<JDK_VERSION>/Contents/Home/jre/lib/security/UnlimitedJCEPolicyJDK<VERSION>/* /Library/Java/JavaVirtualMachines/<JDK_VERSION>/Contents/Home/jre/lib/security  

rm -rf Library/Java/JavaVirtualMachines/<JDK_VERSION>/Contents/Home/jre/lib/security/UnlimitedJCEPolicyJDK<VERSION>/
jmj
  • 237,923
  • 42
  • 401
  • 438
CodeFanatic
  • 11,434
  • 1
  • 20
  • 38
1

Download the JCE for Java 7 from this link http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

and open the path C:\Program Files\Java\jdk1.7.0_80\jre\lib\security and paste the two jars here.(Even if the two jars were already present replace those two jars)

Lucky
  • 16,787
  • 19
  • 117
  • 151
0

For JAVA 7 the download link is jce-7-download

Copy the two downloaded jars in Java\jdk1.7.0_10\jre\lib\security Take a backup of older jars to be on safer side.

Rajeev
  • 4,762
  • 8
  • 41
  • 63
  • but what is the reason why we have to download and paste Jars explicitly even it already has the same.... – Utsav Oct 29 '14 at 13:38
  • the content of the jars is different. For example the original jars are limiting the possible key length, so the encryption is rather weak. I think it is based on US export policy. – Markus Jul 21 '16 at 16:55
0

In case you using Mac with homebrew

brew cask install jce-unlimited-strength-policy
Neftanic
  • 930
  • 9
  • 17
0

As of JDK 1.8u151 it is not necessary to download the JCE libraries separately. Simply edit:

$JDK_HOME/jre/lib/security/java.security

and uncomment the line:

crypto.policy=unlimited
Axel
  • 3,331
  • 11
  • 35
  • 58
Fredric Doddridge
  • 121
  • 1
  • 4