Why Use Java Cryptography Extension (JCE) Unlimited Strength ?

An issue with Selecting the Encryption key size in java is that JDK has a key size specified in the Shipped out version. On doing a 256-bit AES encryption with the default JDK,will  throw an InvalidKeyException, Exception with message "Illegal key size or default parameters". This is because of an arbitrary restriction imposed by JDK with default settings.

 The Cipher size by default is 128 bit and this is because of the restrictions imposed by some countries on the key size.

 How to make it 256 ?.. 

 and in order to make it to a 256 bit requires a JCE - Java Cryptography Extension Unlimited Strength 

 Downloadable from this link

 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

 This will enable to have a 256 bit key encryption possible.  The Deployment instructions are defined in the bundle.After unzipping, copy paste the jars to Lib/Secuirty folder under JRE. if referring to a JDK, JRE will be within the JDK installation path.

 Know Client Default length

 
int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");


This line will give default length.


Reference


http://www.javamex.com/tutorials/cryptography/unrestricted_policy_files.shtml


http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Comments

Post a Comment

Popular posts from this blog

'jasypt.encryptor.password' or one of ['jasypt.encryptor.privateKeyString', 'jasypt.encryptor.privateKeyLocation'] must be provided for Password-based or Asymmetric encryption

Image
      Intellij spring boot build failing not seeing the jasypt password. The same is working fine with the normal startup and is also working with mvn command.     Caused by: org.springframework.boot.context.properties.ConfigurationPropertiesBindException: Error creating bean with name 'spring.security-org.springframework.boot.autoconfigure.security.SecurityProperties': Could not bind properties to 'SecurityProperties' : prefix=spring.security, ignoreInvalidFields=false, ignoreUnknownFields=true; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.security.user.password' to java.lang.String Caused by: org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.security.user.password' to java.lang.String Caused by: org.springframework.cache.Cache$ValueRetrievalException: Value for key 'spring.security.user.password' could not be load
Read more

Field or property 'jobParameters' cannot be found on object of type 'org.springframework.beans.factory.config.BeanExpressionContext' - Spring Batch

This Error happens when you are trying to retrieve a Job Execution parameter and inject it into a Bean. The bean can be anything a Task let, or a StatmentSetter the error can happen. E.g Implementation <bean id = "flatFileItemReader" scope="step" class="org.springframework.batch.item.file.FlatFileItemReader"> <property name = "resource" value = "#{jobParameters[input.file.name]}" /> </bean> The error is because of the Scope parameter missing Using a scope of  Step  is required in order to use late binding since the bean cannot actually be instantiated until the  Step  starts, which allows the attributes to be found. Because it is not part of the Spring container by default, the scope must be added explicitly. Check out the Documentation here ..  http://docs.spring.io/spring-batch/reference/html/configureStep.html#step-scope
Read more

java.security.spec.InvalidKeySpecException: Only RSAPrivate(Crt)KeySpec and PKCS8EncodedKeySpec supported for RSA private keys

public PrivateKey getPrivateKey(String fileName) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException { byte[] keyFileBytes = readKeyFile(fileName); X509EncodedKeySpec spec = new X509EncodedKeySpec(keyFileBytes); KeyFactory kf = KeyFactory.getInstance("RSA"); return kf.generatePrivate(spec); } The reason is this line, This is used to read public key spec and not private key. The private key is read via PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec ( keyBytes ); So as the error says it needs to be in PKCS8 spec format for java to understand.
Read more