aspose file tools*
The moose likes Java in General and the fly likes Cipher Class and Key Length for AES Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "Cipher Class and Key Length for AES" Watch "Cipher Class and Key Length for AES" New topic
Author

Cipher Class and Key Length for AES

Dennis Putnam
Ranch Hand

Joined: Feb 03, 2012
Posts: 217
I'm trying to use the Cipher class and am not understanding allowable key lengths (in init). According to the documentation 128, 192 and 256 bits, among others, should all be valid. When I use a 16 byte string (128 bits) it accepts it as I expected. However, If I try a 24 (192 bits) or 32 byte string (256 bits) I get an InvalidKeyException (Illegal key size or default papameters). What size strings am I allowed to use that are >16 bytes? TIA.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1084
    
  10

Sounds like you have not installed the "Unlimited Strength" jars. Go to the Java download page, download the 'unlimited' file and follow the installation instructions.
Dennis Putnam
Ranch Hand

Joined: Feb 03, 2012
Posts: 217
Thanks, I'll try it. I personally would not call 192 or even 256, particularly strong (1024 is strong, IMO) so it did not occur to me that I would need that jar.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1084
    
  10

Dennis Putnam wrote:I personally would not call 192 or even 256, particularly strong (1024 is strong, IMO) so it did not occur to me that I would need that jar.


For symmetric encryption a 192 bit key is considered strong; what makes you think it is not?
Dennis Putnam
Ranch Hand

Joined: Feb 03, 2012
Posts: 217
I guess because I'm used to 1024 or better.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1084
    
  10

Dennis Putnam wrote:I guess because I'm used to 1024 or better.


You might be using 1024 bits for asymmetric public key encryption such as RSA but not for symmetric encryption like AES! These days, for public key encryption using RSA, 1024 bits is considered weak!
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 19004
    
  40

Richard Tookey wrote:
Dennis Putnam wrote:I guess because I'm used to 1024 or better.


You might be using 1024 bits for asymmetric public key encryption such as RSA but not for symmetric encryption like AES! These days, for public key encryption using RSA, 1024 bits is considered weak!


Highly agree. The algorithm is very important here. You can't really judge whether a certain keylength is strong or not, without knowing what algorithm you are using.

Henry


Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
Dennis Putnam
Ranch Hand

Joined: Feb 03, 2012
Posts: 217
Thanks. You are correct that I primarily use RSA but with 2048 or better.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Cipher Class and Key Length for AES