Exception in thread "main" java.security.InvalidKeyException:

Hi Guys

I'm trying to implement AES 256 getting following exception.
same code is working fine for AES-128.Can any one please suggest me what to do?

Exception in thread "main" java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at com.mytestapp.EncryptTest.main(EncryptTest.java:28)

What length does the key have? For AES-256 it needs to be 256 bits = 32 bytes.

Hi Dittmer

Thanks for replying.

can you please tell me how to proceed further?

Thanks

Um, if you have code that works fine using 16 byte keys, then it can't be very hard to alter that to use 32 byte keys, can it? Do you understand what the key is in a cryptographic algorithm, and how it is used in JCE?

Hi Ulf

Actually first time i'm trying to implement AES-128/AES-256.I don't have much idea on it.

Following sample code i'm using which is working fine for AES-128 for testing purpose.If following will work for AES-256 then only i can go for real implement.

Please Help me out to resolve this issue.

package com.mytestapp;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

public class EncryptTest {

public EncryptTest()
{

}
public static void main(String[] args) throws Exception
{
KeyGenerator keygen = KeyGenerator.getInstance("AES");
// keygen.init(128); //this works fine!
keygen.init(256); //this breaks!
SecretKey aesKey = keygen.generateKey();
Cipher aesCipher;
aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);

byte[] clearText = "This is an example!".getBytes();

System.out.println("ClearText: "+new String(clearText));

byte[] cipherText = aesCipher.doFinal(clearText);
System.out.println("CipherText: "+new String(cipherText));

aesCipher.init(Cipher.DECRYPT_MODE, aesKey);
byte[] clearTextDecrypt = aesCipher.doFinal(cipherText);
System.out.println("DecryptedText: " + new String(clearTextDecrypt));
boolean equalText = Arrays.equals(clearText, clearTextDecrypt);
if (equalText)
{
System.out.println("String was recovered!");
}
else
{
System.out.println("String was NOT recovered!! Booooooo....");
}
}

}

What does "this breaks" mean? If there is an exception, post it here. My guess would be that you haven't installed the unlimited-strength JCE policy files (which are needed for AES-192 and AES-256); you can download them from the JCE pages at java.sun.com.

(Alternatively, you could use a JCE provider that doesn't require those, like BouncyCastle. But that might be a bit beyond your current comfort zone with regards to JCE.)

Thanks for Replying!!!

If i'm using ASE-128 getting following exception

Exception in thread "main" java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at com.mytestapp.EncryptTest.main(EncryptTest.java:28)
else
above code is working fine

I'm getting confused about what is and isn't working. First you said AES-128 was working fine, and AES-256 was throwing an exception. Now AES-128 is throwing an exception, but "above code is working fine"? Something doesn't add up.

Sorry for Interruption!!!

while i'm using AES-128 My Above code is working fine

While trying to AES-256 getting following Exception

Exception in thread "main" java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at com.mytestapp.EncryptTest.main(EncryptTest.java:28

Thanks

So have you, or have you not, installed the unlimited-strength policy files by now? Or did you do that before already, and this exception is happening regardless?

Hi Ulf

D:\jdk1.5.0_03\jre\lib\security contains US_export_policy.jar & local_policy.jar.

still i have downloaded JCE file.

I don't know how to use?

Pleasesuggest me....

The README.txt file that's part of the download contains detailed instructions on how to install those files.

Hi ULF

I gone through readme file. I am not clear in Step -3 which is

3) Install the unlimited strength policy JAR files.

To utilize the encryption/decryption functionalities of the JCE framework without any limitation, first make a copy of the original JCE policy files (US_export_policy.jar, local_policy.jar in the standard place for JCE jurisdiction policy JAR files) in case you later decide to revert to these "strong" versions. Then replace the strong policy files with the unlimited strength versions extracted in the previous step.
The standard place for JCE jurisdiction policy JAR files is:

<java-home>/lib/security [Solaris]
<java-home>\lib\security [Win32]

But i am using windows XP OS.

Do i need to set the CLASS PATH for this?
Do i need to copy both jar file in <java-home>\lib\ directory

Thanks

<java-home>\lib\security [Win32]

But i am using windows XP OS.

"Win32" is a catch-all phrase for 32 bit Windows operating systems. That's all of them starting with NT (so it includes XP).

Do i need to set the CLASS PATH for this?

The instructions don't mention anything about classpaths, so, no.

Do i need to copy both jar file in <java-home>\lib\ directory

The instructions say:

Then replace the strong policy files with the unlimited strength versions extracted in the previous step.

Since there are only two files, that means all of them. :-)

Thanks lot ULF

Any how after struggling lot Now i am able to implement AES-256 for same application.

Thanks for your guidiance,support,and co-operation.

I have generated key using ECDH algorithm and when i used this key for AES encryption,i am getting following errors,i am using Bouncy castle jdk1.6 package....

aShared: 199694d7f0cf0867e4843ffb89e8181cd6b5922e7d68472b32adb5ff68df4dc4
Exception in thread "main" java.security.InvalidKeyException: Illegal key size or default parameters
bShared: 199694d7f0cf0867e4843ffb89e8181cd6b5922e7d68472b32adb5ff68df4dc4
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at BasicECDHExample.main(BasicECDHExample.java:75)
Java Result: 1

How should i solve this errors....

Regards
krishna

I don't know what ECDH is, but for AES you need AES keys.

hi,
when i am using key size of 128 bits for AES i am getting out put...but when i used 192,256 bit key i am getting illegal key size.. i am working in (IDE) NETBEANS.I have downloaded unlimited jurisdiction policy files and added to my library but still i am getting invalid key size... how to solve this... i am using(bouncycastle jdk1.6 package).

Exception in thread "main" java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)

Post a relevant excerpt of the code you're using. Be sure to UseCodeTags when you do so.

Actually ecdh is a elliptic curve diffie hellman method of key generation.I have generated 256bit key and used AES for encryption,so i am getting illegal key usage.

hi here is the code.....

import java.security.Security;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;

import javax.crypto.KeyAgreement;

public class BasicECDHExample {

public static void main(
String[] args)
throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
byte[] input = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
//key generated by ecdh
byte[] key1 = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e};
byte[] ivBytes = new byte[] {
0x00, 0x01, 0x02, 0x03, 0x00, 0x01, 0x02, 0x03,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };

System.out.println("input: "+getHexString(input));
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding", "BC");

// encryption step
SecretKeySpec key = new SecretKeySpec(key1,"AES");
IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);

//SecretKeySpec key1 = new SecretKeySpec(key,"AES");

cipher.init(Cipher.ENCRYPT_MODE,key,ivSpec,sr);

byte[] cipherText = cipher.doFinal(input);
System.out.println("cipher: "+getHexString(cipherText));
// decryption step

cipher.init(Cipher.DECRYPT_MODE, key,ivSpec);

byte[] plainText = cipher.doFinal(cipherText);

System.out.println("plain : "+getHexString(plainText));
}

public static String getHexString(byte[] b) throws Exception {
String result = "";
for (int i = 0; i < b.length; i++) {
result +=
Integer.toString((b[i] & 0xff) + 0x100, 16).substring(1);
}
return result;
}
}

Please edit your post to UseCodeTags. It's unnecessarily hard to read the code as it is, making it less likely that people will bother to do so.

"key1" has 30 bytes = 240 bits. That's not a valid key size for AES.

hi, even when i used a valid key of 192 bit or 256 bits i am getting error as invalid key size....
code:
byte[] key1 = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08};

error

Exception in thread "main" java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)

Not sure what's going on - the code doesn't compile:

BasicECDHExample.java:32: cannot find symbol
symbol : variable sr
location: class BasicECDHExample
cipher.init(Cipher.ENCRYPT_MODE,key,ivSpec,sr);

sr is secured random variable generator. remove the sr.. ie

cipher.init(Cipher.ENCRYPT_MODE,key,ivSpec);
then see whether it works for 192 0r 256 bit key.

Yes, it works fine.

What do you mean by "I have downloaded unlimited jurisdiction policy files and added to my library" - where did you put those files?

i have downloaded unlimited jurisdiction policy files which are jar files and i have added in my project library files in NETBEANS....

That's not how you install them - the process is described in the documentation that comes with the download.

I got it ,its working fine........... thank you very much Ulf