I got the following error and I got a little stuck:
Exception in thread "main" java.security.InvalidKeyException: Illegal key size or default parameters
private String cryptKey = "qkjll5@2md3gs5Q@FDFqf";
By default, Java supports only 128-bit encryption.
128 bits == 16 bytes == 16 chars.
So cryptKey cannot exceed 16 characters.
If you want to exceed 16 characters, you have to install Java Cryptography Extension (JCE) Unlimited Strength.
Why 128 bits?
This is a code-only solution. No need to download or mess with configuration files.
It's a reflection-based solution, tested on Java 8.
Call this method once, early in your program or while the application is being started.
// Imports
import javax.crypto.Cipher;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.Map;

// Method
public static void fixKeyLength() {
    String errorString = "Failed manually overriding key-length permissions.";
    int newMaxKeyLength;
    try {
        // Only patch when the active policy caps AES below 256 bits.
        if ((newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES")) < 256) {
            // Build a permission collection that allows everything.
            Class<?> c = Class.forName("javax.crypto.CryptoAllPermissionCollection");
            Constructor<?> con = c.getDeclaredConstructor();
            con.setAccessible(true);
            Object allPermissionCollection = con.newInstance();
            Field f = c.getDeclaredField("all_allowed");
            f.setAccessible(true);
            f.setBoolean(allPermissionCollection, true);

            // Wrap it in a CryptoPermissions object under the wildcard algorithm "*".
            c = Class.forName("javax.crypto.CryptoPermissions");
            con = c.getDeclaredConstructor();
            con.setAccessible(true);
            Object allPermissions = con.newInstance();
            f = c.getDeclaredField("perms");
            f.setAccessible(true);
            ((Map) f.get(allPermissions)).put("*", allPermissionCollection);

            // Replace the JVM-wide default policy held by JceSecurityManager.
            c = Class.forName("javax.crypto.JceSecurityManager");
            f = c.getDeclaredField("defaultPolicy");
            f.setAccessible(true);
            // Clear the FINAL modifier so the static field can be reassigned
            // (relies on Field.modifiers being reachable by reflection, as on Java 8).
            Field mf = Field.class.getDeclaredField("modifiers");
            mf.setAccessible(true);
            mf.setInt(f, f.getModifiers() & ~Modifier.FINAL);
            f.set(null, allPermissions);

            // Re-read the limit to confirm the override took effect.
            newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES");
        }
    } catch (Exception e) {
        throw new RuntimeException(errorString, e);
    }
    if (newMaxKeyLength < 256)
        throw new RuntimeException(errorString); // hack failed
}
The default JDK supports encryption only with 128-bit keys because of American restrictions. So to support encryption with a 256-bit key, we have to replace local_policy.jar and US_export_policy.jar in the $JAVA_HOME/java-8-oracle/jre/lib/security folder; otherwise it will give java.security.InvalidKeyException: Illegal key size or default
There have been updates since Java 8/9.
Starting with Java 8 Update 151, the Unlimited Strength Jurisdiction Policy is included with Java 8 but not used by default. To enable it, you need to edit the java.security file in <java_home>/jre/lib/security (for JDK) or <java_home>/lib/security (for JRE). Uncomment (or include) the line
crypto.policy=unlimited
Make sure you edit the file using an editor run as administrator. The policy change only takes effect after restarting the JVM.
Before Java 8 Update 151 you have to download the JCE Unlimited Strength Jurisdiction Policy files and replace the existing ones.
For more details see How to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files
PS: Above link goes to my personal blog that has additional details.
You can remove the maximum key restriction by replacing the existing JCE jars with unlimited strength policy jars.
For Java 8, download the JCE jar from this link: https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
(/usr/libexec/java_home -v to find JAVA_HOME on Mac)
Copy local_policy.jar and US_export_policy.jar extracted from the above zip file to $JAVA_HOME/jre/lib/security.
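Added example (not code from any of the answers above): a Java check that reports the key-size limit of the active policy through Cipher.getMaxAllowedKeyLength and derives a fixed-size AES key from the passphrase with PBKDF2, so the length of the string no longer decides the key size. The class name KeyPolicyCheck, the iteration count and the sample plaintext are assumptions; the passphrase is the string from the question.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.Security;

public class KeyPolicyCheck { // hypothetical class name
    // Largest AES key size (in bits) the active jurisdiction policy permits:
    // 128 under the limited policy, Integer.MAX_VALUE under the unlimited one.
    static int maxAesBits() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    // Derive a key of exactly `bits` bits from a passphrase of any length,
    // instead of using the passphrase characters directly as key bytes.
    static SecretKeySpec deriveKey(char[] pass, byte[] salt, int bits) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pass, salt, 600_000, bits); // iteration count: assumption
        try {
            byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return new SecretKeySpec(raw, "AES");
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        int max = maxAesBits();
        // null here means the property is not set in java.security
        System.out.println("crypto.policy    = " + Security.getProperty("crypto.policy"));
        System.out.println("max AES key bits = " + max);

        int bits = Math.min(256, max); // stay inside what the policy allows
        byte[] salt = new byte[16], iv = new byte[12];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        SecretKeySpec key = deriveKey("qkjll5@2md3gs5Q@FDFqf".toCharArray(), salt, bits);

        // Round trip with the derived key; the plaintext is a constructed sample.
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("constructed sample".getBytes(StandardCharsets.UTF_8));
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        System.out.println(bits + "-bit key: " + new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```

On a JVM running the limited policy this reports 128 and encrypts with a 128-bit key; with crypto.policy=unlimited it reports 2147483647 and uses a 256-bit key.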