
I have two applets. One does:

```java
RSAPrivateKey sKey = getPrivateKey(keyFile);
Cipher cipher = Cipher.getInstance("RSA/None/OAEPWithSHA512AndMGF1Padding");
cipher.init(Cipher.DECRYPT_MODE, sKey);
```

sKey is 2048 bits long.

The other one:

```java
byte[] kSession = fileToBytes(kSessionFile);
SecretKeySpec skeySpec = new SecretKeySpec(kSession, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
```

kSession is 32 bytes long.

I am aware of the need to install extended JCE Unlimited Strength Jurisdiction Policy files for some cryptographic operations, as noted here.

My question is, when these jars are not installed, why does encryption throw the same exception while decryption does not?

eskalera

1 Answer

The key type, size and platform (the JRE or JDK version) are all required knowledge to see if you require the unlimited crypto files. These files depend on a policy set by Oracle to comply with specific import regulations. Some ciphers + key sizes are free for use and others are not. Which ones are allowed and which ones are not depends on politics rather than technical reasoning.

It does not matter if you are using encryption or decryption. Decryption can be used for encryption in certain modes of encryption, such as CTR mode encryption.


In your particular case an RSA key of 2048 bits has a lot less strength than an AES key of 256 bits. So it is not so strange that one part of your code throws an exception and the other part doesn't. The use of AES keys of 192 or 256 bits is precluded unless you have the unlimited strength files for Java(TM) SE Runtime Environment (build 1.7.0_45-b18).

Maarten Bodewes
  • Thanks @owlstead, I've edited my question to provide some more info about key types and sizes. Not sure what you mean about platform. I am using Java(TM) SE Runtime Environment (build 1.7.0_45-b18) – eskalera May 20 '14 at 12:10
  • Actually all this stuff has been exportable from US since the Clinton administration. The real reason is *import:* ["Due to import control restrictions by the governments of a few countries, the jurisdiction policy files shipped with the Java SE Development Kit 6 specify that "strong" but limited cryptography may be used. An "unlimited strength" version of these files indicating no restrictions on cryptographic strengths is available for those living in eligible countries (which is most countries)."](http://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html) – user207421 May 20 '14 at 12:28
  • @EJP Ah, thanks, I'll remove that part of the answer, it is a rant anyway. – Maarten Bodewes May 20 '14 at 12:45
  • @eskalera Yes, that's the information I was looking for. – Maarten Bodewes May 20 '14 at 12:52
  • That's it @owlstead. Thanks. As a remark, just in case, I got the 32 Byte length of my AES key by reading byte length of a file I saved from reading an AES key that I got in byte[]. I hope that is ok. – eskalera May 20 '14 at 13:06
  • Yup, sounds OK to me. AES keys are just binary data and are almost always represented just as bytes. If the bytes contain data that can be read as hexadecimal characters then I would be a bit worried though :) – Maarten Bodewes May 20 '14 at 13:14
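
An added diagnostic, not code from the question or the answer: it asks the running JRE which key lengths its jurisdiction policy allows for AES and RSA, then initialises AES/CBC with 128-bit and 256-bit keys in both ENCRYPT_MODE and DECRYPT_MODE to show that the policy check does not depend on the mode. The class name `PolicyCheck`, the helper `initSucceeds` and the all-zero key and IV are constructed for illustration.

```java
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example; class and method names are hypothetical, not from the question.
public class PolicyCheck {

    // Try Cipher.init with an AES key of the given size and report whether it was accepted.
    static boolean initSucceeds(int opmode, int keyBytes) throws Exception {
        // Constructed all-zero key and IV: only the key length matters for the policy check.
        SecretKeySpec key = new SecretKeySpec(new byte[keyBytes], "AES");
        IvParameterSpec iv = new IvParameterSpec(new byte[16]);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(opmode, key, iv);
            return true;
        } catch (InvalidKeyException e) {
            // A key longer than the policy allows is rejected with InvalidKeyException.
            System.out.println("    rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Limits the installed jurisdiction policy places on each algorithm
        // (Integer.MAX_VALUE means no limit).
        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        int maxRsa = Cipher.getMaxAllowedKeyLength("RSA");
        System.out.println("max AES key bits: " + maxAes);
        System.out.println("max RSA key bits: " + maxRsa);

        // Sizes from the question: RSA 2048 bits, AES 32 bytes = 256 bits.
        System.out.println("RSA 2048 permitted: " + (2048 <= maxRsa));
        System.out.println("AES 256 permitted:  " + (256 <= maxAes));

        // The same check runs for both modes, so each key size gives the same result twice.
        for (int keyBytes : new int[] {16, 32}) {
            int bits = keyBytes * 8;
            System.out.println("AES " + bits + "-bit ENCRYPT_MODE ok: "
                    + initSucceeds(Cipher.ENCRYPT_MODE, keyBytes));
            System.out.println("AES " + bits + "-bit DECRYPT_MODE ok: "
                    + initSucceeds(Cipher.DECRYPT_MODE, keyBytes));
        }
    }
}
```

On a runtime where the unlimited policy is in effect, `getMaxAllowedKeyLength` returns `Integer.MAX_VALUE` and all four `init` calls succeed.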