Java Security: Illegal key size or default parameters?

前端 未结 19 1489
日久生厌
日久生厌 2020-11-22 03:34

I had asked a question about this earlier, but it didn\'t get answered right and led nowhere.

So I\'ve clarified few details on the problem and I would really like t

相关标签:
19条回答
  • 2020-11-22 03:59

    With Java 9, Java 8u161, Java 7u171 and Java 6u181 the limitation is now disabled by default. See issue in Java Bug Database.


    Beginning with Java 8u151 you can disable the limitation programmatically.

    In older releases, JCE jurisdiction files had to be downloaded and installed separately to allow unlimited cryptography to be used by the JDK. The download and install steps are no longer necessary.

    Instead you can now invoke the following line before first use of JCE classes (i.e. preferably right after application start):

    Security.setProperty("crypto.policy", "unlimited");
    
    0 讨论(0)
  • 2020-11-22 03:59

    This is a code only solution. No need to download or mess with configuration files.

    It's a reflection based solution, tested on java 8

    Call this method once, early in your program.

    //Imports

    import javax.crypto.Cipher;
    import java.lang.reflect.Constructor;
    import java.lang.reflect.Field;
    import java.lang.reflect.Modifier;
    import java.util.Map;
    

    //method

    public static void fixKeyLength() {
        String errorString = "Failed manually overriding key-length permissions.";
        int newMaxKeyLength;
        try {
            if ((newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES")) < 256) {
                Class c = Class.forName("javax.crypto.CryptoAllPermissionCollection");
                Constructor con = c.getDeclaredConstructor();
                con.setAccessible(true);
                Object allPermissionCollection = con.newInstance();
                Field f = c.getDeclaredField("all_allowed");
                f.setAccessible(true);
                f.setBoolean(allPermissionCollection, true);
    
                c = Class.forName("javax.crypto.CryptoPermissions");
                con = c.getDeclaredConstructor();
                con.setAccessible(true);
                Object allPermissions = con.newInstance();
                f = c.getDeclaredField("perms");
                f.setAccessible(true);
                ((Map) f.get(allPermissions)).put("*", allPermissionCollection);
    
                c = Class.forName("javax.crypto.JceSecurityManager");
                f = c.getDeclaredField("defaultPolicy");
                f.setAccessible(true);
                Field mf = Field.class.getDeclaredField("modifiers");
                mf.setAccessible(true);
                mf.setInt(f, f.getModifiers() & ~Modifier.FINAL);
                f.set(null, allPermissions);
    
                newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES");
            }
        } catch (Exception e) {
            throw new RuntimeException(errorString, e);
        }
        if (newMaxKeyLength < 256)
            throw new RuntimeException(errorString); // hack failed
    }
    

    Credits: Delthas

    0 讨论(0)
  • 2020-11-22 03:59

    I experienced the same error while using Windows 7 x64, Eclipse, and JDK 1.6.0_30. In the JDK installation folder there is a jre folder. This threw me off at first as I was adding the aforementioned jars to the JDK's lib/security folder with no luck. Full path:

    C:\Program Files\Java\jdk1.6.0_30\jre\lib\security
    

    Download and extract the files contained in the jce folder of this archive into that folder.

    0 讨论(0)
  • 2020-11-22 04:04

    In Java, by default AES supports a 128 Bit key, if you plans to use 192 Bit or 256 Bit key, java complier will throw Illegal key size Exception, which you are getting.

    The solution is as victor & James suggested, you will need to download JCE (Java Cryptography Extension) as per your JRE version,(java6, java7 or java8).

    The JCE zip contains following JAR:

    1. local_policy.jar
    2. US_export_policy.jar

    You need to replace these jar form your <JAVA_HOME>/jre/lib/security. if you are on a unix system the will probably refer to /home/urs/usr/lib/jvm/java-<version>-oracle/

    Sometimes just replacing local_policy.jar, US_export_policy.jar in security folder doesn't work on unix, so I suggest to copy security folder to your desktop first, replace the jar's @Desktop/security folder, delete the security folder from /jre/lib/ & move the Desktop security folder to /jre/lib/.

    eg :: sudo mv security /usr/lib/jvm/java-7-oracle/jre/lib

    0 讨论(0)
  • 2020-11-22 04:05

    Starting from Java 9 or 8u151, you can use comment a line in the file:

    <JAVA_HOME>/jre/lib/security/java.security
    

    And change:

    #crypto.policy=unlimited
    

    to

    crypto.policy=unlimited
    
    0 讨论(0)
  • 2020-11-22 04:07

    Make sure you use the latest version of JDK/JRE.

    In my case, I had put JCE into JRE folder, but it didn't help. It happened because I was running my project from the IDE directly (using JDK).

    Then I updated my JDK and JRE to the latest version (1.8.0_211) and the problem had gone.

    More details: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8170157

    0 讨论(0)
提交回复
热议问题