3

I'm attempting to upgrade my app from 128-bit AES keys to 256-bit AES keys. However, when I change line 54 from 128 to 256, I get the following key size errors.

java.security.InvalidKeyException: Illegal key size

I have JCE files installed correctly, as evidenced by the fact that my app generates longer keys. 

package com.company;
import com.hazelcast.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.*;

class Encryption {

    public static String encrypt (String strKey, String strIv, String str) {
        String secret = "";
        try{
            byte[] key = Base64.decode(strKey.getBytes());
            byte[] iv  = Base64.decode(strIv.getBytes());

            SecretKeySpec keyspec = new SecretKeySpec(key, "AES");
            IvParameterSpec ivspec = new IvParameterSpec(iv);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

            cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
            secret = new String(Base64.encode(cipher.doFinal(str.getBytes())));

        }
        catch(Exception e){
            e.printStackTrace();
        }
        return secret;
    }

    public static String decrypt (String strKey, String strIv, String str) {
        String secret = "";
        try{

            byte[] key = Base64.decode(strKey.getBytes());
            byte[] iv  = Base64.decode(strIv.getBytes());


            SecretKeySpec keyspec = new SecretKeySpec(key, "AES");
            IvParameterSpec ivspec = new IvParameterSpec(iv);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

            cipher.init(Cipher.DECRYPT_MODE, keyspec,ivspec);
            secret = new String(cipher.doFinal(new Base64().decode(str.getBytes())));

        }
        catch(Exception e){
            e.printStackTrace();
        }
        return secret;
    }

    public static void main(String[] argv) {
        String strIv = "18A5Z/IsHs6g8/65sBxkCQ==";
        String strKey = "";
        int keyStrength = 256;
        try {
            KeyGenerator kgen = KeyGenerator.getInstance("AES");
            kgen.init(keyStrength);

            SecretKey skey = kgen.generateKey();
            byte[] raw = skey.getEncoded();
            strKey = new String(new Base64().encode(raw));
            System.out.println("Secret key is: " + strKey);
        } catch (Exception ex) {
            System.out.println(ex.toString());
        }
        String message = "My, it's a lovely day today!!!";
        String encrypted = Encryption.encrypt(strKey, strIv, message);
        System.out.println("Encrypted string is: " + encrypted);
        System.out.println("Decrypted string is: " + Encryption.decrypt(strKey, strIv, encrypted));


    }
}

I've seen "AES/CBC/PKCS7Padding" encryption methods referenced in other posts, but that simply gets me this exception:

java.security.NoSuchAlgorithmException: Cannot find any provider supporting AES/CBC/PKCS7Padding
    at javax.crypto.Cipher.getInstance(Cipher.java:540)
    at com.company.Encryption.encrypt(Encryption.java:17)
    at com.company.Encryption.main(Encryption.java:67)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
java.security.NoSuchAlgorithmException: Cannot find any provider supporting AES/CBC/PKCS7Padding
    at javax.crypto.Cipher.getInstance(Cipher.java:540)
    at com.company.Encryption.decrypt(Encryption.java:39)
    at com.company.Encryption.main(Encryption.java:69)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
President James K. Polk
  • 40,516
  • 21
  • 95
  • 125
vesuvian7
  • 71
  • 1
  • 7
  • 2
    Which line throws the InvalidKeyException? – President James K. Polk Sep 23 '16 at 21:53
  • 1
    Possible duplicate of [InvalidKeyException Illegal key size](http://stackoverflow.com/questions/3862800/invalidkeyexception-illegal-key-size) – Ebbe M. Pedersen Sep 23 '16 at 22:03
  • *"I have JCE files installed correctly"* - If you mean the unlimited strength policy files, are you *really* sure that you're running the code in the JVM where you installed the policy files? If you're unsure then you should install them in all JREs (both global JREs as well as JREs inside of JDKs). – Artjom B. Sep 24 '16 at 07:15

1 Answers1

1

Found it...

Oracle technically labels the versions of the JCE files on their download pages, but it wasn't obvious to me. I was installing the java 6 files with a java 8 JRE. That's why I was able to generate the key but not encrypt/decrypt.

I found the right files, installed them, and it's working now.

Thank you!

vesuvian7
  • 71
  • 1
  • 7