-1

The following code perfectly implements AES-128 encryption/decryption.

public static void main(String[] args) throws Exception
{
    String input = JOptionPane.showInputDialog(null, "Enter your String");
    System.out.println("Plaintext: " + input + "\n");

    // Generate a key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    keygen.init(128); 
    byte[] key = keygen.generateKey().getEncoded();
    SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");

    // Generate IV randomly
    SecureRandom random = new SecureRandom();
    byte[] iv = new byte[16];
    random.nextBytes(iv);
    IvParameterSpec ivspec = new IvParameterSpec(iv);

    // Initialize Encryption Mode
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivspec);

    // Encrypt the message
    byte[] encryption = cipher.doFinal(input.getBytes());
    System.out.println("Ciphertext: " + encryption + "\n"); //

    // Initialize the cipher for decryption
    cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivspec);

    // Decrypt the message
    byte[] decryption = cipher.doFinal(encryption);
    System.out.println("Plaintext: " + new String(decryption) + "\n");
}

When I want to use AES-256, I thought that can be done by just modifying keygen.init(256); and byte[] iv = new byte[32];, however this becomes error (Exception in thread "main" java.security.InvalidKeyException: Illegal key size)! Can someone explain why error occurs when I made these two modification and what should I do. Thank you guys :)

Mike
  • 380
  • 4
  • 19
  • What error do you get? – SLaks May 11 '14 at 21:14
  • Exception in thread "main" java.security.InvalidKeyException: Illegal key size – Mike May 11 '14 at 21:17
  • possible duplicate of ["Unlimited Strength" JCE Policy Files](http://stackoverflow.com/questions/1179672/unlimited-strength-jce-policy-files) – ntoskrnl May 11 '14 at 21:27
  • 1
    `InvalidKeyException: Illegal key size` means that you did not installed unlimited policy files or placed them into wrong directory. You can use `Cipher.getMaxAllowedKeyLength( "AES/CBC/PKCS5Padding" )` to check whether you installed them properly: if the output is `128` then the crypto is still limited. – Oleg Estekhin May 11 '14 at 21:46
  • 2
    And the IV size for AES 192 and AES 256 is the same 16 bytes - the AES block size is always 128 bits regardless of the key size. – Oleg Estekhin May 11 '14 at 21:47

1 Answers1

3

If you want to use AES 256 encryption you must install the Unlimited Strength Jurisdiction Policy Files:

http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

This enables the higher encryption levels like AES 256 and RSA 2048.

Replace the files from the zip with the current ones in <java-home>\lib\security.

amurka
  • 645
  • 1
  • 6
  • 14
  • Thanks. I did exactly same as what you said, but the bug still :( – Mike May 11 '14 at 21:33
  • Exception in thread "main" java.security.InvalidKeyException: Illegal key size at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1024) at javax.crypto.Cipher.implInit(Cipher.java:790) at javax.crypto.Cipher.chooseProvider(Cipher.java:849) at javax.crypto.Cipher.init(Cipher.java:1348) at javax.crypto.Cipher.init(Cipher.java:1282) at cipher.me.AesWithCbcExample.main(AesWithCbcExample.java:79) – Mike May 11 '14 at 21:33
  • You have to make sure the policy files are in the runtime jre directory. If you have multiple jre installed, they must be in the correct one. (Easy hack is to just put them in all the jre directories.) – amurka May 11 '14 at 22:06
  • Thannks Amurka, it helped a lot , I did exactly for AES 256 , and increase my " Unlimited Strength Jurisdiction Policy ", and it worked for me – shvivek Dec 08 '16 at 06:51