I have a test which runs great on my development MacBook Pro, but fails to run on the continuous integration TeamCity server.
The error is the following:
java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
Both the development box and TeamCity use Java 1.6, and I use the BouncyCastle library for the special AES encryption I need.
The code is the following:
    private byte[] aesEncryptedInfo(String info)
            throws UnsupportedEncodingException, IllegalBlockSizeException, BadPaddingException,
                   InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException,
                   InvalidParameterSpecException, InvalidAlgorithmParameterException,
                   NoSuchProviderException {
        Security.addProvider(new BouncyCastleProvider());
        SecretKey secret = new SecretKeySpec(CUSTOMLONGSECRETKEY.substring(0, 32).getBytes(), "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
        cipher.init(Cipher.ENCRYPT_MODE, secret, new IvParameterSpec(VECTOR_SECRET_KEY.getBytes()));
        return cipher.doFinal(info.getBytes("UTF-8"));
    }
UPDATE
It looks like, according to the selected answer, I have to modify something on my TeamCity installation, and it will possibly affect some user installations, so it's not a good choice. I have to switch to another crypto library to do that without limitations. So probably Bouncy Castle will help.
UPDATE 2
I actually switched to using BouncyCastle to avoid this limitation. Note this only works if you use BC's own classes directly, not the BC provider.

Make sure you know the path to JAVA_HOME that your IDE uses, in order to copy to the correct path.
In my case I use IntelliJ: /Library/Java/JavaVirtualMachines/jdk1.8.0_112.jdk/Contents/Home/jre/lib/security
instead of what I get when I show $JAVA_HOME in the console: /Users/myuser/.sdkman/candidates/java/current/jre/lib/security

I was facing the same issue for JDK 1.8.0_151.
For this version and above, you do not need to download the jar files related to security, because local_policy.jar and US_export_policy.jar are already included in these versions under the path \jre\lib\security\policy (JAVA_HOME refers to your current Java installation folder). The only change you need to make is in the java.security file, which is present in /jre/lib/security: uncomment the line crypto.policy=unlimited

In addition to installing policy files, also make sure that CUSTOMLONGSECRETKEY...getBytes() does indeed produce a 32-byte array. I would use CUSTOMLONGSECRETKEY.getBytes(some encoding) and get the first 32 bytes from that. Better yet, use the whole secret key to derive keys for AES with the size that you need.

This error means that your Java virtual machine uses a policy that only allows restricted cryptography key sizes due to US export laws.
Java 9 and higher
The Unlimited Strength Jurisdiction Policy Files are included with Java 9 and used by default (see Security Updates in the Java 9 Migration Guide).
If you get this error with Java 9, it might mean the policy configuration has been changed to a more restrictive policy (limited), see the instructions from the migration guide:
Java 8 and earlier
Java 8 Update 161 and higher
Starting with Java 8 Update 161, Java 8 defaults to the Unlimited Strength Jurisdiction Policy. If you receive this error, it could indicate the configuration has been changed to limited. See instructions in the next section on Java 8 Update 151, or the previous section on Java 9, for changing this back to unlimited.
Java 8 Update 151 and higher
Starting with Java 8 Update 151, the Unlimited Strength Jurisdiction Policy is included with Java 8 but not used by default. To enable it, you need to edit the java.security file in <java_home>/jre/lib/security (for JDK) or <java_home>/lib/security (for JRE). Uncomment (or include) the line
Make sure you edit the file using an editor run as administrator.
The policy change only takes effect after restarting the JVM (this is especially important for long-running server processes like Tomcat).
For backwards compatibility, installing the policy files as documented in the next section will still work as well.
Before Java 8 Update 151
For Java 8 Update 144 and earlier, you need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (available at Oracle).
To install these files (from the README.txt in the download):
Note for the JDK it is in jre/lib/security.
The new policy file only takes effect after restarting the JVM (this is especially important for long-running server processes like Tomcat).
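
To confirm which JVM and which jurisdiction policy a build agent or IDE run actually uses, a small diagnostic can be run under the same configuration as the failing test. This is an added example, not code from the question or any answer; the class name JcePolicyCheck is made up here, and it uses the JDK's built-in provider with PKCS5Padding instead of BouncyCastle so that it needs no extra jars.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class JcePolicyCheck {

    /** True when the running JVM's policy permits AES keys of the given size in bits. */
    static boolean aesKeySizeAllowed(int bits) throws GeneralSecurityException {
        // Reflects the effective jurisdiction policy: Integer.MAX_VALUE when
        // unlimited, 128 for AES under the limited policy.
        return Cipher.getMaxAllowedKeyLength("AES") >= bits;
    }

    /** Repeats the step that fails in the question: Cipher.init with a 32-byte AES key. */
    static String tryAes256Init() {
        try {
            byte[] key = new byte[32]; // constructed all-zero key, used only for this check
            byte[] iv = new byte[16];  // constructed all-zero IV, used only for this check
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            return "OK";
        } catch (InvalidKeyException e) {
            return "REJECTED: " + e.getMessage(); // "Illegal key size" under the limited policy
        } catch (GeneralSecurityException e) {
            return "ERROR: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        // java.home shows which installation is really running (IDE and shell can differ).
        System.out.println("java.version    = " + System.getProperty("java.version"));
        System.out.println("java.home       = " + System.getProperty("java.home"));
        // null means the property is not set in java.security (commented out or absent).
        System.out.println("crypto.policy   = " + Security.getProperty("crypto.policy"));
        System.out.println("max AES bits    = " + Cipher.getMaxAllowedKeyLength("AES"));
        System.out.println("AES-256 allowed = " + aesKeySizeAllowed(256));
        System.out.println("AES-256 init    = " + tryAes256Init());
    }
}
```

The printed java.home is the directory whose lib/security (or jre/lib/security) settings apply to that run, which is the one to inspect when the IDE, shell and CI server disagree.
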
I had a similar problem, but in my case, there was a path error.
JAVA_HOME was jdk1.6.0_18, so I put the two jars into jdk1.6.0_18/lib/security, but within jdk1.6.0_18 is the jre directory. Both files should have been put in jdk1.6.0_18/jre/lib/security.