• Register
0 votes
352 views

Problem :

Today I installed Java 1.6.0.26 on my server user and when I try to run my application, I get the following exception.
java.security.invalidkeyexception illegal key size or default parameters
6 5 3
6,930 points

Please log in or register to answer this question.

2 Answers

0 votes

Solution :

This bellow code is the only solution. No need to download or update configuration files.

It is a reflection based solution and tested on java 8

Please call this method once, early in your program.

import javax.crypto.Cipher; 

import java.lang.reflect.Constructor;

 import java.lang.reflect.Field; 

import java.lang.reflect.Modifier; 

import java.util.Map;

public static void fixKeyLength()

 { 

String errorString = "Failed manually overriding key-length permissions."; 

int newMaxKeyLength; 

try { if ((newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES")) < 256) 

Class c = Class.forName("javax.crypto.CryptoAllPermissionCollection"); 

Constructor con = c.getDeclaredConstructor(); con.setAccessible(true); 

Object allPermissionCollection = con.newInstance(); 

Field f = c.getDeclaredField("all_allowed"); f.setAccessible(true); 

f.setBoolean(allPermissionCollection, true); 

c = Class.forName("javax.crypto.CryptoPermissions"); 

con = c.getDeclaredConstructor(); con.setAccessible(true); Object allPermissions = con.newInstance();

 f = c.getDeclaredField("perms"); 

f.setAccessible(true); 

((Map) f.get(allPermissions)).put("*",allPermissionCollection); 

c = Class.forName("javax.crypto.JceSecurityManager"); 

f = c.getDeclaredField("defaultPolicy"); 

f.setAccessible(true); 

Field mf = Field.class.getDeclaredField("modifiers"); mf.setAccessible(true); 

mf.setInt(f, f.getModifiers() & ~Modifier.FINAL); 

f.set(null, allPermissions); 

newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES"); 

}

 } 

catch (Exception e) { 

throw new RuntimeException(errorString, e); 

if (newMaxKeyLength < 256) throw new RuntimeException(errorString); 

 }

Further Readings:

9 7 4
38,600 points
0 votes

Solution:

Probably you don't have the unlimited strength file installed currently.

You may require to download this file:

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download (only necessary for versions before Java 8 u162)

Extract the jar files from the zip and save them in 

${java.home}/jre/lib/security/.

The JRE/JDK/Java 8 jurisdiction files can be found here:

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download
Install the files in 

${java.home}/jre/lib/security/.

For JAVA 7 the download link is jce-7-download

Copy the two downloaded jars in Java\jdk1.7.0_10\jre\lib\security
Take a backup of older jars to be on safer side.

For JAVA 8 the download link is jce-8-download
Copy the downloaded jars in Java\jdk1.8.0_45\jre\lib\security
Take a backup of older jars to be on safer side.

Instead you can now call the following line before first use of JCE classes ( for example right after application begin):

Security.setProperty("crypto.policy", "unlimited");

private String cryptKey = "qkjll5@2md3gs5Q@FDFqf";

By default Java backing only 128-bit encryption

Hence cryptKey cannot exceed 16 characters.

In case you need to exceed more than 16 character you have to install Java Cryptography Extension (JCE) Unlimited Strength.

The "java.security.InvalidKeyException:illegal Key Size" error message generally pops up at the time we attempt to call web services in a secured manner and your JVM is not ready for Java unlimited security jurisdiction.

For 128 bit key encryption you do not require Unlimited Strength Java Cryptography Extension jars. Default ones must perform only fine.
However, to employ 256-bit keys with AES we require to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. Infoworks exercises 256-bit keys with AES.
a) Download the Unlimited strength JCE files for java 8 from the location https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html and replace the subsisting files with the files downloaded.

b) Run the Metadata crawl job freshly.

Note: Ensure that  the above jars are placed in the java/jre/lib/security directory that Infoworks uses. Check the JAVA_HOME set in $IW_HOME/bin/env.sh file for the java installation path.

10 6 4
31,120 points

Related questions

0 votes
1 answer 3 views
3 views
Problem: I had asked a question about this earlier, but it didn't get answered right and led nowhere. So I've clarified few details on the problem and I would really like to hear your ideas on how could I fix this or what should I try. I have Java 1.6.0 ... almost completely with the 1.6.0.26 java.security file. There are no additional providers in the first one. * The previous question is here.
asked May 1 Yeamin 22k points
0 votes
1 answer 9 views
9 views
Problem: I had asked a question about this earlier, but it didn't get answered right and led nowhere. So I've clarified few details on the problem and I would really like to hear your ideas on how could I fix this or what should I try. I have Java 1.6.0 ... almost completely with the 1.6.0.26 java.security file. There are no additional providers in the first one. * The previous question is here.
asked May 1 anika11 32.2k points
0 votes
1 answer 23 views
23 views
how could I fix this or what should I try?
asked Dec 28, 2020 TeamScript 13.5k points
1 vote
1 answer 9 views
9 views
Problem : I want to know : Why is only XOR used in cryptographic algorithms, and other logic gates like OR, AND, and NOR are not used?
asked Apr 25 Abik Dey 4k points
0 votes
1 answer 159 views
159 views
Problem : I am trying to implement password based encryption algorithm, but I get this javax.crypto.badpaddingexception: given final block not properly padded
asked Oct 23, 2019 peterlaw 6.9k points
0 votes
1 answer 7 views
7 views
Problem: The encryption works fine but when I try to decrypt, I get the following exception: Padding is invalid and cannot be removed
asked Apr 2 ummesalma 29.2k points
0 votes
1 answer 1 view
1 view
Problem: Cannot find any solution, help needed >Which of the following are examples of static processes?
asked 6 hours ago Chi Omega 13.6k points
0 votes
1 answer 2 views
2 views
Problem: Any solution to this issue > Scala map flatmap filter groupby reduce fold aggregate, reduce(_+_), collect
asked Apr 30 ummeshani 10.8k points
0 votes
1 answer 3 views
3 views
Problem: I would like to remove a key from a STL map. However, map.erase() doesn't do anything. How would I go about doing this
asked Apr 19 ummesalma 29.2k points
0 votes
1 answer 4 views
4 views
problem: i am unable to fix which of the following is a source of map data?
asked Apr 15 ashik 14.6k points