Encrypting a byte [ ] using a AES 256 Session key

Question

I have a Session key which is Changing with every execution of the program. I have to encrypt a byte[ ] using that session key (AES 256) so how to do that.

I am generating my key by

              Key key;
              SecureRandom rand = new SecureRandom();
              KeyGenerator generator = KeyGenerator.getInstance("AES");
              generator.init(rand);
              generator.init(256);
              key = generator.generateKey();

And using this to Encrypt the Byte Array

 public static byte[] Encrypt(byte[] a,Key skey) throws Exception {

 // Instantiate the cipher

Cipher cipher = Cipher.getInstance("AES");  
cipher.init(Cipher.ENCRYPT_MODE, skey);

byte[] encrypted =cipher.doFinal(a);
cipher.init(Cipher.DECRYPT_MODE, skey);
byte[] original = cipher.doFinal(encrypted);
String originalString = new String(original);

return encrypted;
}

But Every time i run the program it shows and error

       Exception in thread "main" java.security.InvalidKeyException: Illegal          
     key size or default parameters
         at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026)
            at javax.crypto.Cipher.implInit(Cipher.java:801)
    at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
    at javax.crypto.Cipher.init(Cipher.java:1249)
    at javax.crypto.Cipher.init(Cipher.java:1186)
    at com.esign.verify.DocHash.AES.Encrypt(AES.java:52)
    at com.esign.verify.DocHash.DocHash.main(DocHash.java:264)

Yeah I ran into the same issue. Officially, every user needs to install an unlimited strength policy for the JRE to use AES with a 256 bit key due to export/import restrictions. So that's one way to solve. And then, unofficially, http://stackoverflow.com/a/22492582 — Arjan, May 28 '16 at 12:02
unlimited security policy for the JRE ?? I do not understand what that means . Do we need to do that ? Then how? — Mudit, May 28 '16 at 12:06
It's limited to 128 bit ciphers by default. To use 256 bit, well, click the link in the previous comment and it'll answer those questions. To verify that that is indeed the source of the problem, try 128 bits ;) — Arjan, May 28 '16 at 12:12
**Never use [ECB mode](http://crypto.stackexchange.com/q/14487/13022)**. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like [CBC](http://crypto.stackexchange.com/q/22260/13022) or [CTR](http://crypto.stackexchange.com/a/2378/13022). It is better to authenticate your ciphertexts so that attacks like a [padding oracle attack](http://crypto.stackexchange.com/q/18185/13022) are not possible. This can be done with authenticated modes like GCM or EAX, or with an [encrypt-then-MAC](http://crypto.stackexchange.com/q/202/13022) scheme. — Artjom B., May 28 '16 at 12:43
Using `generator.init(rand); generator.init(256);` doesn't make sense, because the second call overwrites the first one. You can combine them: `generator.init(256, rand);` — Artjom B., May 28 '16 at 12:44
When your encryption code is finished, and if it's of any real importance, perhaps you should consider posting it on [codereview.se](http://codereview.stackexchange.com/) for a review. Encryption can be hard to get right, easy to mess up, and nasty if you mess it up. Artjom's comments show it's quite nice to have it reviewed by more crypto literate people. — Arjan, May 28 '16 at 14:02

Encrypting a byte [ ] using a AES 256 Session key

0 Answers0