0

Following code is written to encrypt the plain text, I am using IAIK Twofish encryption/decryption code in java below sample code works fine with 128 bit key but when i try it with 192 and 156 bit key it gives an exception that java.security.InvalidKeyException: Key must be 128, 192, or 256 bit long!- 

private static void doCrypto(int cipherMode, String key, File inputFile, File outputFile) throws CryptoException {
        try {
            SecretKey secretKey = new SecretKeySpec(key.getBytes(), ALGORITHM);
            Cipher cipher = Cipher.getInstance(TRANSFORMATION, "IAIK");
            cipher.init(cipherMode, secretKey); 
            FileInputStream inputStream = new FileInputStream(inputFile);
            byte[] inputBytes = new byte[(int) inputFile.length()];
            inputStream.read(inputBytes);
            byte[] outputBytes = cipher.doFinal(inputBytes);
            FileOutputStream outputStream = new FileOutputStream(outputFile);
            outputStream.write(outputBytes);
            inputStream.close();
            outputStream.close();
        } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException | BadPaddingException
                | IllegalBlockSizeException | IOException ex) {
            throw new CryptoException("Error encrypting/decrypting file", ex);
        } catch (NoSuchProviderException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }

for above method when I am giving 128 bit key it works fine as below, 

    KeyGenerator keyGen = KeyGenerator.getInstance("Twofish", "IAIK");
    keyGen.init(192);
    txtSecretKey.setText(iaik.utils.Util.toString(key.getEncoded()));
    SekertKey key = key.generateKey();
    encrypt(txtSecretKey.getText(), inputFile, encryptedFile);
Caused by: java.security.InvalidKeyException: Key must be 128, 192, or 256 bit long!
    at iaik.security.cipher.N.a(Unknown Source)
    at iaik.security.cipher.i.a(Unknown Source)
    at iaik.security.cipher.a.engineInit(Unknown Source)
    at javax.crypto.Cipher.init(Cipher.java:1249)
    at javax.crypto.Cipher.init(Cipher.java:1189)
    at com.opensourse.crypto.twofish.CryptoUtils.doCrypto(CryptoUtils.java:38)
Dheeraj Singh
  • 109
  • 1
  • 16

3 Answers3

0

Make sure you have the "java cryptography extension (jce) unlimited strength jurisdiction policy files 8" from here. See this for instructions.

Kev
  • 21
  • 4
  • I have enabled above stated unlimited strength jurisdiction policy, No changed, it is working fine with 128 bit key it starts behaving differently when i generate 192 and 256 bit key. – Dheeraj Singh Jun 10 '20 at 09:47
  • What's in encrypt(txtSecretKey.getText(), inputFile, encryptedFile) ? Check if the key is really 192 bits long. – Kev Jun 10 '20 at 12:11
  • Yes I have checked below are generated secret keys :- 128bit-DC2A9E5A58086AE5AC88CA9D4146B911 192bit-598537E137985BE955AD732F7680C019666B0C3154A187D4 256bit-3C448EAA34F43D8F25A63A22E6506BE167D1E50255FA7905FC87A4598120FB28 the point is when I pass 128 bit it works very fine, forr (192,256) it start giving me exceptions – Dheeraj Singh Jun 10 '20 at 12:39
0

It's always good to doublecheck some answers as the error "128bit aes key is working, 192/256 keys not" is symptomatic for a limited cryptographic policy. Please run this little program and show us the results on console ("false" means unlimited crypto policy...)

import javax.crypto.Cipher;
import java.security.NoSuchAlgorithmException;
public class Main {
    public static void main(String[] args) {
        System.out.println("\nTest with Java version: " + Runtime.version());
        System.out.println("Java restricted cryptography: " + restrictedCryptography());
    }
    /**
     * Determines if cryptography restrictions apply.
     * Restrictions apply if the value of {@link Cipher#getMaxAllowedKeyLength(String)} returns a value smaller than {@link Integer#MAX_VALUE} if there are any restrictions according to the JavaDoc of the method.
     * This method is used with the transform <code>"AES/CBC/PKCS5Padding"</code> as this is an often used algorithm that is <a href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#impl">an implementation requirement for Java SE</a>.
     *
     * @return <code>true</code> if restrictions apply, <code>false</code> otherwise
     *
     * code by Maarten Bodewes, https://stackoverflow.com/questions/7953567/checking-if-unlimited-cryptography-is-available#
     */
    public static boolean restrictedCryptography() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES/CBC/PKCS5Padding") < Integer.MAX_VALUE;
        } catch (final NoSuchAlgorithmException e) {
            throw new IllegalStateException("The transform \"AES/CBC/PKCS5Padding\" is not available (the availability of this algorithm is mandatory for Java SE implementations)", e);
        }
    }
}
Michael Fehr
  • 5,827
  • 2
  • 19
  • 40
0

In your main method you're transforming the SecretKey to a String that is shown in a (GUI) textfield. Printing out the contents of the key looks like:

key in hex: 7b44a1f09136a248a40c8043fa02fbcf
textfield : 7B:44:A1:F0:91:36:A2:48:A4:0C:80:43:FA:02:FB:CF

Converting this String in the textfield back to a byte[] to regenerate the secretKey with ".getBytes" will fail as the colon chars will be decoded as well:

SecretKey secretKey = new SecretKeySpec(key.getBytes(), ALGORITHM)

The IAIK-Util-class provides a ".toByteArray" method that simply ignores other chars than '0-9' and 'a-f', see the documentation in http://javadoc.iaik.tugraz.at/iaik_jce/current/iaik/utils/Util.html:

Convert the given string with hex values to a byte array. For example "001122" is turned into {0, 0x11, 0x22}. All characters outside the range of '0'-'9', 'a'-'z', and 'A'-'Z' or simply ignored.

Simply change the line in doCrypto-method and all is working:

SecretKey secretKey = new SecretKeySpec(iaik.utils.Util.toByteArray(key), ALGORITHM);
Michael Fehr
  • 5,827
  • 2
  • 19
  • 40