Java Security: Illegal key size or default parameters?

日久生厌 2020-11-22 03:34

I had asked a question about this earlier, but it didn't get answered right and led nowhere.

So I've clarified a few details on the problem and I would really like t

19 answers
  •  感动是毒
    2020-11-22 03:44

    By default, Java only supports AES 128-bit (16 bytes) key sizes for encryption. If you do not need more than the default supports, you can trim the key to the proper size before using Cipher. See the javadoc for default supported keys.

    This is an example of generating a key that would work with any JVM version without modifying the policy files. Use at your own discretion.

    Here is a good article on whether 128 vs. 256 bit key sizes matter, on the AgileBits Blog

    import java.security.MessageDigest
    import javax.crypto.spec.SecretKeySpec

    // Groovy: derive a 128-bit AES key from a passphrase string.
    SecretKeySpec getKey() {
        final pass = "47e7717f0f37ee72cb226278279aebef".getBytes("UTF-8");
        final sha = MessageDigest.getInstance("SHA-256");
    
        def key = sha.digest(pass);
        // use only first 128 bit (16 bytes). By default Java only supports AES 128 bit key sizes for encryption.
        // Updated jvm policies are required for 256 bit.
        key = Arrays.copyOf(key, 16);
        // The algorithm name must be passed as a string.
        return new SecretKeySpec(key, "AES");
    }
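
Instead of hard-coding 16 bytes, the running JVM can be asked for the largest AES key its policy allows, and the key sized to match. This is an added example, not code from the answer above. The class name, passphrase and iteration count are assumptions, and PBKDF2 and AES/GCM are swapped in for the bare SHA-256 digest.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class AesKeySizeCheck {  // hypothetical class name
    // Largest AES key size (bits) to use: the JVM policy limit, capped at 256.
    static int usableAesKeyBits() throws Exception {
        // Returns 128 under the restricted policy, Integer.MAX_VALUE when unlimited.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        return Math.min(max, 256);
    }

    // Derive a key of exactly keyBits from a passphrase using PBKDF2.
    static SecretKeySpec deriveKey(char[] passphrase, byte[] salt, int keyBits) throws Exception {
        // 210_000 iterations is an assumed work factor; tune it for your hardware.
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, 210_000, keyBits);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16];   // store alongside the ciphertext
        byte[] iv = new byte[12];     // must be unique per message under one key
        rng.nextBytes(salt);
        rng.nextBytes(iv);

        int bits = usableAesKeyBits();
        // Constructed sample passphrase, for illustration only.
        SecretKeySpec key = deriveKey("constructed sample passphrase".toCharArray(), salt, bits);

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("hello".getBytes(StandardCharsets.UTF_8));

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        String pt = new String(dec.doFinal(ct), StandardCharsets.UTF_8);

        System.out.println("AES key bits used: " + bits + ", round trip ok: " + pt.equals("hello"));
    }
}
```

Data encrypted on a JVM that permits 256-bit keys cannot be decrypted on a restricted one, so record the key size with the ciphertext or fix it at 128 when both kinds of JVM must interoperate.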
    
