4

I am trying to decrypt JWE data from my private key using Nimbus JOSE + JWT.

But I am gettin error : JOSEException: Couldn't create AES/GCM/NoPadding cipher: Illegal key size

Can someone please help me to resole this issue. I am using Java 1.8

My Private key

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGBRdsiDqKPGyH
gOpzxmSU2EQkm+zYZLvlPlwkwyfFWLndFLZ3saxJS+LIixsFhunrrUT9ZZ0x+bB6
MV55o70z4ABOJRFNWx1wbMGqdiC0Fyfpwad3iYpRVjZO+5etHA9JEoaTPoFxv+kt
d8kVAL9P5I7/Pi6g1R+B2t2lsaE2bMSwtZqgs55gb7fsCR3Z4nQi7BddYR7MZ2lA
MWf7h7Dkm6uRlGhl2RvtmYa6dXFnK3RhIpdQOUT3quyhweMGspowC/tYSG+BNhy1
WukbwhIP5vTAvv1WbHTg+WaUUV+pP0TjPQcY73clHxNpI5zrNqDmwD2rogNfePKR
UI63yBUfAgMBAAECggEAGy/7xVT25J/jLr+OcRLeIGmJAZW+8P7zpUfoksuQnFHQ
QwBjBRAJ3Y5jtrESprGdUFRb0oavDHuBtWUt2XmXspWgtRn1xC8sXZExDdxmJRPA
0SFbgtgJe51gm3uDmarullPK0lCUqS92Ll3x58ZQfgGdeIHrGP3p84Q/Rk6bGcOb
cPhDYWSOYKm4i2DPM01bnZG2z4BcrWSseOmeWUxqZcMlGz9GAyepUU/EoqRIHxw/
2Y+TGus1JSy5DdhPE0HAEWKZH729ZdoyikOZCMxApQglUkRwkwhtXzVAemm6OSoy
3BEWvSEJh/F82tFrmquUoe/xd5JastlBHyD78RAakQKBgQDkHAzo1fowRI19tk7V
CPn0zMdF/UTRghtLywc/4xnw1Nd13m+orArOdVzPlQokLVNL81dIVKXnId0Hw/kX
8CRyRYz8tkL81spc39DfalZW7QI7Fschfq1Htgkxd/QEjBlIaqjkOjGSbX9xYjYU
1Db8PuGoGXWOsYiv9PCsKR056wKBgQDeOzfZSpV5kX8SECJXRA+emyCnO9S29p0W
+5BCTQp3OPnmbL7b/mGqBVJ0DC+IiN67Lu8xxzejswqLZqaRvmQuioqH+8mOGpXY
ZwhShAif2AuixxvL7OK6dvDmMqoKhBI9nZ9+XI60Cd/LjnWgyFO04uq4otnTukmY
sSP+fp6wnQKBgEopYH0WjFfDAelcKzcRywouxZ7Yn9Ypoaw7nujDcfydhktY/R5u
iLjk6T7H6tsmLU2lGLx4YNPLa6wJp+ODfKX2PMcwjojbYEFftu3cCaQLPE1vs2AN
alLFOSnvINOVpOapXq2Mye8cUHHRh1mwQQwzeXQIivLQf2sNjG28lDbvAoGACsh8
0UJZNmjk7Y9y2yEmUN/eGb9Bdw9IWBEk0tLCKz7MgW3NZQdW3dUcRx1AQTPC+vow
CQ5NmNfbLyBv/KpsWgXG6wpAoXCQzMtTEA3wDTGCfweCRcbcyYdz8PeMYK4/5FV9
o7gCBKJmBY6IDqEpzqEkGolsYGWtpIcT5Alo0dECgYEA3hzC9NLwumi/1JWm+ASS
ADTO3rrGo9hicG/WKGzSHD5l1f+IO1SfmUN/6i2JjcnE07eYArNrCfbMgkFavj50
2ne2fSaYM4p0o147O9Ty8jCyY9vuh/ZGid6qUe3TBI6/okWfmYw6FVbRpNfVEeG7
kPfkDW/JdH7qkWTFbh3eH1k=
-----END PRIVATE KEY-----

My JWE data

eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAiLCJraWQiOiJlbmNyeXB0S2V5IiwiY3R5IjoiYXBwbGljYXRpb24vanNvbiJ9.siISUDg0WMf_yrUK6IPTa6kSCBAJUwwpuNkhSNsfiHeWM86JEul085cfGFLheH5bVSWO_CwauyCKtQ0HmFMoQt0eIfUeGWr2Jod052pNDep0cAO2u2_iKl12rlP-3avbw3MW-JvWmPgbVHpv_LcxWjLEkvZ6oDh6vV0qHj3gXamRqLZtIbJ63lzyJojnqZ5Q0IVwRoiOCMIwWn4DSgdkMlcuLAwGqrDAN96gAVEZKM_NHccjgnGkvlrjwvq011hEjhHjMdmnrmRJvJkkS-zd_dEykKzUuc2CQmID1TfRL1KSgNmmxZ2a5kvV8rbmmlYDvtXb05zdWytYUN5sg6znwA.5CSWiVjFQ94CAhrs.sNGTdnyWHhH_qvqa6Xsj_8x8yT_jYed9TE0_VQUW_Wg75NUra7MiAxuRqmrmbod0H-Tc2T82ayYFSBJrDDZZ0nPuLQjRytN1vg113VwzjOnbRQBLsE1oaTzA5rVdd49eTddwxe6FLoZt8beFoB5HmcavBxB1fphkpf3HgYJRj4YwdyHNMOzcPEw_gzj-svi_LacZrWrB2YdgVtTjhdbJdPBcjQ2Uw8PnWXoU10Onezo_5EdZApaERz6o39qJnL1-GL44mOqZjyx0glYHOO_T5D8Zs112cVWtV81mUWqOrRag5CckdBOtiEMLuzH1Yampssc_JtLNQuhaTu9-7oi1LRPNUq29hsktd-eZBWxbZpn0eGczLGDHUT7_i5AvPbDFOvb-tX6eLwtiF4rXmxhPaMn2YH4SvrElj-VFkxWPgot7Z8xi-QvjotLD5zwLvgJ-gCw2yMDFGXbM29wmvoTc4rhP7GfqMxYPy7YQubPzZQkUG9rkyH5B1H0vNhI_nTDF9YvHIJbYQg9QVIsvPgYfdRJsDpohCF1DcTYyzyFue9QW2I_lQdTMjlDoFlclHgjy5t32-T-5IAr6YEKBILiIxyUxqjk_bg-Y5iA0r3s90eCZfT6r-PotxFRrm-WeVbgJvqOIyfQ4E7hRwmW-bMiT58Y5CEp0kKM2u4Mirj64Nm90u2z5yUkCDqamInKNYxaU1lEN7BCseJ699Y2yZ4KE7r6AYp6uCVZpVwMU63o8Jgt8UH9BfdvSebAOj31BmovND2r4sJK1NmfY45DNESmH_2g4iY8OZas2MHhZiToZGgewWxq3Yc7KpvRzTM-edwmfeh-UqGVdeZbc68xrh5X3gdkCkH0dSPdZA9eA8HVlQu1M2TOO90Rs7HBi1HxlMsHQZvPpJ4fM21MgyzNPq19O5MwQMN0xfl1tB7zvLBLGOT-wQzvDeCF51tQC6hs4Tha3tnrR4wni840YM0t9SCgvbyI3UVFE6JSD4S8w5YgsaDI8valG1KHrtIiIbeQErBn1Hj-J3hnfkHlcILO4JK4nWxHwuGdgYrGeyvz0p7YbVLTC-frwCFBflJlU_6HbjnG7-vMv07rViG0gQZGRw27PXAyYB6lyhXbScoX-GbL5k7oFWmsJG-xKIF9H4HPSQ1KzMTJxHNtzutM0XeB19YJt9hly4-2LPI9qgkupKG20eZbdP5n0Xyr1IOXVVNUMa3wquNmDRgPevUkIXJKdF5pjjetVFFJT4nuADKSRFKfo5ABYK1pVTBgwN1t4a3jhW6fkUejN9IosotVcbuDtQT468RGs04T5lAdFLrNs7-85kHeAbyx38e6lm_CvRnDUt_bTaA_j50L60dI3vuypWLwh5qOiyteysZvlN0uGKzrFV9NvjHnR3tcX1CTQIguZzZkNxBHtCL2Yn9zufoJ4h_QEUUNkCsTj1g74WxfrK16M_MRI5VjV8sS5PSRXdklsHQcfUqJQKjSeFZM0kXSazVLGiGaBOV3UYYI-Q2v9EBNFgSYdrGA3qLaaNfBtVQzl42skvvnsybp0UDCkLYPmBA1OrSbZKkaCHqtXMq126jF4zje78cjdIF7ive_wRcqCC7HgtgWepD_LBVWjVqwRmGHJoWFIjROc0d0_2FxAHyxHoFTr1EOWlPIRx6C-lvSvkhBlq8VyZleOgZy1Q5j-3-C8JITcyedv11j5XH-wKCNDDlogPyk_N7JvYYEVHw.aLJfWNBdLWNz1GbTtKNGvg

My code for decrypting data

public static void main(String[] args) throws Exception {
   String jweString = "above JWE data";
   JWEObject jwe = JWEObject.parse(jweString);
   jwe.decrypt(new RSADecrypter(rsaPrivateKey));
   System.out.println("Decrypted : " + jwe.getPayload().toString());
}

code for getting RSAprivate key

private static RSAPrivateKey getPrivateKeyFromString(String key) throws GeneralSecurityException {
    String privateKeyPEM = key;
    privateKeyPEM = privateKeyPEM.replace("-----BEGIN PRIVATE KEY-----\n", "");
    privateKeyPEM = privateKeyPEM.replace("-----END PRIVATE KEY-----", "");
    byte[] encoded = Base64.decodeBase64(privateKeyPEM);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
    RSAPrivateKey privKey = (RSAPrivateKey) kf.generatePrivate(keySpec);
    return privKey;
}

Maven dependency

<dependency>
    <groupId>com.nimbusds</groupId>
    <artifactId>nimbus-jose-jwt</artifactId>
    <version>6.0</version>
</dependency>
rickythefox
  • 6,601
  • 6
  • 40
  • 62
Roshanck
  • 2,220
  • 8
  • 41
  • 56
  • I can get this work by updating Java 8: JCE Unlimited Strength Jurisdiction Policy Files. Is there a way to get this work without touching my JDK/JRE. May be using different library instead Nimbus? – Roshanck Sep 15 '18 at 13:10
  • If you use Oracle Java 8u161 or higher it now has unlimited policy builtin, and needs no change; the same for any version of OpenJDK if available for your platform. Otherwise you could avoid the JCA policy limit by changing the library to use BouncyCastle's 'lightweight' API (not just Bouncy _provider_), or writing a substitute that does so, but either of those would be quite a bit of work. PS: the tag nimbus is for something quite different, and wrong for your Q. – dave_thompson_085 Sep 15 '18 at 18:57

1 Answers1

1

Adding EncryptionMethod.A256GCM created the below exception for me, Caused by: com.nimbusds.jose.JOSEException: Couldn't create AES/GCM/NoPadding cipher: Illegal key size

Solution is- If jdk8u162 or above java version can work as it is . if lower jdk version is used then download the latest policy files[jce_policy-8.zip] and replace it in %JAVA_HOME%/jre/lib/security path.[local_policy.jar,US_export_policy.jar]

Lalitha
  • 11
  • 1
  • I had that issue with `JDK 1.8.0_101`, this solved the case, I just had to replace both jar files in `jdk` and `jre` path. – Ibrahim.H Jun 08 '21 at 13:02