• Register
0 votes

Problem :

Today I installed Java on my server user and when I try to run my application, I get the following exception.
java.security.invalidkeyexception illegal key size or default parameters
6 5 3
6,930 points

2 Answers

0 votes

Solution :

This bellow code is the only solution. No need to download or update configuration files.

It is a reflection based solution and tested on java 8

Please call this method once, early in your program.

import javax.crypto.Cipher; 

import java.lang.reflect.Constructor;

 import java.lang.reflect.Field; 

import java.lang.reflect.Modifier; 

import java.util.Map;

public static void fixKeyLength()


String errorString = "Failed manually overriding key-length permissions."; 

int newMaxKeyLength; 

try { if ((newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES")) < 256) 

Class c = Class.forName("javax.crypto.CryptoAllPermissionCollection"); 

Constructor con = c.getDeclaredConstructor(); con.setAccessible(true); 

Object allPermissionCollection = con.newInstance(); 

Field f = c.getDeclaredField("all_allowed"); f.setAccessible(true); 

f.setBoolean(allPermissionCollection, true); 

c = Class.forName("javax.crypto.CryptoPermissions"); 

con = c.getDeclaredConstructor(); con.setAccessible(true); Object allPermissions = con.newInstance();

 f = c.getDeclaredField("perms"); 


((Map) f.get(allPermissions)).put("*",allPermissionCollection); 

c = Class.forName("javax.crypto.JceSecurityManager"); 

f = c.getDeclaredField("defaultPolicy"); 


Field mf = Field.class.getDeclaredField("modifiers"); mf.setAccessible(true); 

mf.setInt(f, f.getModifiers() & ~Modifier.FINAL); 

f.set(null, allPermissions); 

newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES"); 



catch (Exception e) { 

throw new RuntimeException(errorString, e); 

if (newMaxKeyLength < 256) throw new RuntimeException(errorString); 


Further Readings:

9 7 4
38,600 points
0 votes


Probably you don't have the unlimited strength file installed currently.

You may require to download this file:

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download (only necessary for versions before Java 8 u162)

Extract the jar files from the zip and save them in 


The JRE/JDK/Java 8 jurisdiction files can be found here:

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download
Install the files in 


For JAVA 7 the download link is jce-7-download

Copy the two downloaded jars in Java\jdk1.7.0_10\jre\lib\security
Take a backup of older jars to be on safer side.

For JAVA 8 the download link is jce-8-download
Copy the downloaded jars in Java\jdk1.8.0_45\jre\lib\security
Take a backup of older jars to be on safer side.

Instead you can now call the following line before first use of JCE classes ( for example right after application begin):

Security.setProperty("crypto.policy", "unlimited");

private String cryptKey = "qkjll5@2md3gs5Q@FDFqf";

By default Java backing only 128-bit encryption

Hence cryptKey cannot exceed 16 characters.

In case you need to exceed more than 16 character you have to install Java Cryptography Extension (JCE) Unlimited Strength.

The "java.security.InvalidKeyException:illegal Key Size" error message generally pops up at the time we attempt to call web services in a secured manner and your JVM is not ready for Java unlimited security jurisdiction.

For 128 bit key encryption you do not require Unlimited Strength Java Cryptography Extension jars. Default ones must perform only fine.
However, to employ 256-bit keys with AES we require to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. Infoworks exercises 256-bit keys with AES.
a) Download the Unlimited strength JCE files for java 8 from the location https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html and replace the subsisting files with the files downloaded.

b) Run the Metadata crawl job freshly.

Note: Ensure that  the above jars are placed in the java/jre/lib/security directory that Infoworks uses. Check the JAVA_HOME set in $IW_HOME/bin/env.sh file for the java installation path.

10 6 4
31,120 points

Related questions

0 votes
1 answer 124 views
Problem : I am trying to implement password based encryption algorithm, but I get this javax.crypto.badpaddingexception: given final block not properly padded
asked Oct 23, 2019 peterlaw 6.9k points
1 vote
1 answer 37 views
Problem: I've got a simple code of java. I am being a failure to compile my program. It throws back an unknown error says, missing '}' or illegal start of expression. Here is my code snippet public class MyClass { public static void main(String[] args) { count(); public static int count() { return 0; } } Any idea? An advance thanks for your solution.
asked Apr 4 Gavin 15.3k points
0 votes
1 answer 46 views
Problem : I have the Java web service client, which consumes the web service via HTTPS. When I try to connect to the service URL (https://AAA.BBB.CCC.DDD:9443/ISomeService ), I get the exception as below: &ldquo; Java.security.cert.CertificateException: No subject alternative names present.&rdquo;
asked Jan 21 jwilliam 3.9k points
0 votes
1 answer 92 views
Problem : I am trying to create a file in a folder but I am getting exception as java.security.AccessControlException:Access denied
asked Oct 23, 2019 peterlaw 6.9k points
0 votes
1 answer 105 views
Problem : I have a Java web service client, which consumes a web service via HTTPS. When I connect to the service URL, I get the exception java.security.cert.CertificateException: No subject alternative names present.
asked Oct 22, 2019 peterlaw 6.9k points