0

I would like to use these classes https://github.com/fukata/AES-256-CBC-Example in my project, but even if I compile it w/o changing anything it causes error:

Exception in thread "main" java.lang.RuntimeException: java.security.InvalidKeyException: Illegal key size at AESUtil.encrypt(AESUtil.java:23) at AESMain.main(AESMain.java:10) Caused by: java.security.InvalidKeyException: Illegal key size at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039) at javax.crypto.Cipher.implInit(Cipher.java:805) at javax.crypto.Cipher.chooseProvider(Cipher.java:864) at javax.crypto.Cipher.init(Cipher.java:1396) at javax.crypto.Cipher.init(Cipher.java:1327) at AESUtil.encrypt(AESUtil.java:20) ... 1 more

How to fix Illegal key size? I downloaded it and copied java folder to my project. Any help would be appreciated :)

J.Kennsy
  • 596
  • 1
  • 6
  • 19
  • Essentially AES encryption with a key length of 128-bits is as secure as 256-bits, neither can be brute forced. – zaph Oct 18 '17 at 20:36
  • @zaph True, but I would like to use AES-256 with 32byte IV and now above classes throw error: `java.security.InvalidAlgorithmParameterException: Wrong IV length: must be 16 bytes long` cause I used 32byte IV –  J.Kennsy Oct 18 '17 at 20:50
  • 2
    A 32-byte IV makes no sense, AES in CBC mode requires a 16-byte IV. – President James K. Polk Oct 18 '17 at 20:54
  • 1
    @J.Kennsy AES supports three key length: 128, 192 & 256 bits and **one IV length**, the same as the block size: 128-bits (16-bytes). – zaph Oct 18 '17 at 22:00

1 Answers1

1

I believe you would need to install the Java Cryptography Unlimited Strength extensions:

http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Matt MacLean
  • 19,410
  • 7
  • 50
  • 53
  • Well, instruction says that I should paste both jars to /lib/security folder, but mine doesn't exists there (I have jdk, but it doesn't change anything I guess). –  J.Kennsy Oct 18 '17 at 20:28
  • 1
    @J.Kennsy for JDK the jre directory is _under_ the jdk directory, so it's jdk[version]/jre/lib/security . Note the unlimited-policy is different per Java version which you didn't identify; for 8 use http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html -- and for 9, at last, it isn't needed. – dave_thompson_085 Oct 18 '17 at 22:15