I'm trying to generate a signed and encrypted JWT token using Nimbus JWT.

private void generateToken() throws JOSEException, NoSuchAlgorithmException, UnsupportedEncodingException {
    KeyGenerator keyGen = KeyGenerator.getInstance("AES");
    keyGen.init(256);
    SecretKey secretKey = keyGen.generateKey();

    JWSSigner signer = new MACSigner(secretKey);
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("subject").build();

    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
    signedJWT.sign(signer);

    JWEObject jweObject = new JWEObject(
            new JWEHeader.Builder(JWEAlgorithm.DIR, EncryptionMethod.A256GCM).contentType("JWT").build(),
            new Payload("hello world")
    );
    jweObject.encrypt(new DirectEncrypter(secretKey));
}

When running the code, I get the following error message:

com.nimbusds.jose.JOSEException: Couldn't create AES/GCM/NoPadding cipher: Illegal key size
    at com.nimbusds.jose.crypto.AESGCM.encrypt(AESGCM.java:123)
    at com.nimbusds.jose.crypto.ContentCryptoProvider.encrypt(ContentCryptoProvider.java:187)
    at com.nimbusds.jose.crypto.DirectEncrypter.encrypt(DirectEncrypter.java:141)
    at com.nimbusds.jose.JWEObject.encrypt(JWEObject.java:370)
    at de.example.generateToken(TokenImpl.java:108)
    at de.example.TokenImpl.<init>(TokenImpl.java:68)
    at de.example.TokenTest.create(TokenTest.java:33)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
    at org.junit.runner.JUnitCore.run(JUnitCore.java:160)
    at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:69)
    at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:234)
    at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:74)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144)
Caused by: java.security.InvalidKeyException: Illegal key size
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
    at javax.crypto.Cipher.implInit(Cipher.java:805)
    at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
    at javax.crypto.Cipher.init(Cipher.java:1396)
    at javax.crypto.Cipher.init(Cipher.java:1327)
    at com.nimbusds.jose.crypto.AESGCM.encrypt(AESGCM.java:119)

The generated key, though, is a 256-bit AES key; I really don't get what is wrong. The example from Nimbus does the same. Am I missing something here?

vtor

1 Answer

Like the user "leleuj" says on https://github.com/pac4j/pac4j/issues/355, you need the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" if you haven't already installed them. You need to:

  1. Download the version for your installed Java (for v7 it is jce-7, for v8 it is jce-8).
  2. Unzip it.
  3. Stop any running Java process.
  4. Make a backup of your local_policy.jar and US_export_policy.jar (both are in [java_home]/jre/lib/security).
  5. Copy the new ones into [java_home]/jre/lib/security.
mgsCatDev
  • This works, wondering if we can fix without changing the JDK. The environment on which we have the issue is not in our control. – Vinayak Dornala Nov 16 '18 at 17:13
  • You need to read [link](https://stackoverflow.com/a/39889731/3320400). It seems that the newest versions of Java (1.6, 1.7, 8, 9) don't need any special installation of JCE Unlimited. Maybe you can't touch your JDK, but maybe you can ask for an update (for security reasons, of course). – mgsCatDev Nov 19 '18 at 15:40
  • The DevOps team updated the JDK; the issue is resolved. – Vinayak Dornala Nov 19 '18 at 19:24