InvalidKeyException : Illegal Key Size - Java 代码抛出加密类异常 - 如何修复?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6363801/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
InvalidKeyException : Illegal Key Size - Java code throwing exception for encryption class - how to fix?
提问by katura
I've been trying to get some working Java code to use for encrypting Paypal buttons. This is no easy task! Even when I get some code, from Paypal, I'm faced with errors..ugh..
我一直在尝试使用一些有效的 Java 代码来加密 Paypal 按钮。这不是一件容易的事!即使我从 Paypal 获得了一些代码,我也面临着错误......呃......
So here is what I have so far, that I think will work eventually.
所以这就是我到目前为止所拥有的,我认为最终会奏效。
I downloaded the Java.zip file from Paypal's website. Within it are two classes - ClientSide.java and ButtonEncryption.java
我从 Paypal 的网站下载了 Java.zip 文件。其中有两个类 - ClientSide.java 和 ButtonEncryption.java
The Problem -I'm getting an InvalidKeyException : Illegal key sizeerror.
问题 -我收到一个InvalidKeyException : Illegal key size错误。
Questions
1) How do I resolve this issue? 2) What line of code is throwing the error?
问题
1) 我如何解决这个问题?2)哪行代码抛出错误?
C:\jakarta-tomcat\webapps\PlanB\WEB-INF\classes>java palmb.servlets.paypal.ButtonEncryption
java.io.IOException: exception decrypting data - java.security.InvalidKeyException: Illegal key size
at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.cryptData(Unknown Source)
at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at palmb.servlets.paypal.ClientSide.getButtonEncryptionValue(ClientSide.java:63)
at palmb.servlets.paypal.ButtonEncryption.main(ButtonEncryption.java:81)
ClientSide class
客户端类
package palmb.servlets.paypal;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.util.encoders.Base64;
/**
*/
public class ClientSide
{
private String keyPath;
private String certPath;
private String paypalCertPath;
private String keyPass;
public ClientSide( String keyPath, String certPath, String paypalCertPath, String keyPass )
{
this.keyPath = keyPath;
this.certPath = certPath;
this.paypalCertPath = paypalCertPath;
this.keyPass = keyPass;
}
public String getButtonEncryptionValue(String _data, String _privateKeyPath, String _certPath, String _payPalCertPath,
String _keyPass) throws IOException,CertificateException,KeyStoreException,
UnrecoverableKeyException,InvalidAlgorithmParameterException,NoSuchAlgorithmException,
NoSuchProviderException,CertStoreException,CMSException {
_data = _data.replace(',', '\n');
CertificateFactory cf = CertificateFactory.getInstance("X509", "BC");
// Read the Private Key
KeyStore ks = KeyStore.getInstance("PKCS12", "BC");
ks.load( new FileInputStream(_privateKeyPath), _keyPass.toCharArray() );
String keyAlias = null;
Enumeration aliases = ks.aliases();
while (aliases.hasMoreElements()) {
keyAlias = (String) aliases.nextElement();
}
PrivateKey privateKey = (PrivateKey) ks.getKey( keyAlias, _keyPass.toCharArray() );
// Read the Certificate
X509Certificate certificate = (X509Certificate) cf.generateCertificate( new FileInputStream(_certPath) );
// Read the PayPal Cert
X509Certificate payPalCert = (X509Certificate) cf.generateCertificate( new FileInputStream(_payPalCertPath) );
// Create the Data
byte[] data = _data.getBytes();
// Sign the Data with my signing only key pair
CMSSignedDataGenerator signedGenerator = new CMSSignedDataGenerator();
signedGenerator.addSigner( privateKey, certificate, CMSSignedDataGenerator.DIGEST_SHA1 );
ArrayList certList = new ArrayList();
certList.add(certificate);
CertStore certStore = CertStore.getInstance( "Collection", new CollectionCertStoreParameters(certList) );
signedGenerator.addCertificatesAndCRLs(certStore);
CMSProcessableByteArray cmsByteArray = new CMSProcessableByteArray(data);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
cmsByteArray.write(baos);
System.out.println( "CMSProcessableByteArray contains [" + baos.toString() + "]" );
CMSSignedData signedData = signedGenerator.generate(cmsByteArray, true, "BC");
byte[] signed = signedData.getEncoded();
CMSEnvelopedDataGenerator envGenerator = new CMSEnvelopedDataGenerator();
envGenerator.addKeyTransRecipient(payPalCert);
CMSEnvelopedData envData = envGenerator.generate( new CMSProcessableByteArray(signed),
CMSEnvelopedDataGenerator.DES_EDE3_CBC, "BC" );
byte[] pkcs7Bytes = envData.getEncoded();
return new String( DERtoPEM(pkcs7Bytes, "PKCS7") );
}
public static byte[] DERtoPEM(byte[] bytes, String headfoot)
{
ByteArrayOutputStream pemStream = new ByteArrayOutputStream();
PrintWriter writer = new PrintWriter(pemStream);
byte[] stringBytes = Base64.encode(bytes);
System.out.println("Converting " + stringBytes.length + " bytes");
String encoded = new String(stringBytes);
if (headfoot != null) {
writer.print("-----BEGIN " + headfoot + "-----\n");
}
// write 64 chars per line till done
int i = 0;
while ((i + 1) * 64 < encoded.length()) {
writer.print(encoded.substring(i * 64, (i + 1) * 64));
writer.print("\n");
i++;
}
if (encoded.length() % 64 != 0) {
writer.print(encoded.substring(i * 64)); // write remainder
writer.print("\n");
}
if (headfoot != null) {
writer.print("-----END " + headfoot + "-----\n");
}
writer.flush();
return pemStream.toByteArray();
}
}
ButtonEncryption class
ButtonEncryption 类
package palmb.servlets.paypal;
//import com.paypal.crypto.sample.*;
import palmb.servlets.paypal.ClientSide;
import java.io.*;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import org.bouncycastle.cms.CMSException;
/**
*/
public class ButtonEncryption {
//path to public cert
private static String certPath = "C:/jakarta-tomcat/webapps/PlanB/Certs/public-cert.pem";
//path to private key in PKCS12 format
private static String keyPath = "C:/jakarta-tomcat/webapps/PlanB/Certs/my_pkcs12.p12";
//path to Paypal's public cert
private static String paypalCertPath = "C:/jakarta-tomcat/webapps/PlanB/Certs/paypal_cert_pem.txt";
//private key password
private static String keyPass = "password"; //will be replaced with actual password when compiled and executed
//the button command, properties/parameters
private static String cmdText = "cmd=_xclick\[email protected]\nitem_name=vase\nitemprice=25.00"; //cmd=_xclick,[email protected],amount=1.00,currency_code=USD
//output file for form code
private static String output = "test.html";
public static void main(String[] args)
{
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
String stage = "sandbox";
try
{
ClientSide client_side = new ClientSide( keyPath, certPath, paypalCertPath, keyPass );
String result = client_side.getButtonEncryptionValue( cmdText, keyPath, certPath, paypalCertPath, keyPass );
File outputFile = new File( output );
if ( outputFile.exists() )
outputFile.delete();
if ( result != null && result != "")
{
try {
OutputStream fout= new FileOutputStream( output );
OutputStream bout= new BufferedOutputStream(fout);
OutputStreamWriter out = new OutputStreamWriter(bout, "US-ASCII");
out.write( "<form action=\"https://www." );
out.write( stage );
out.write( "paypal.com/cgi-bin/webscr\" method=\"post\">" );
out.write( "<input type=\"hidden\" name=\"cmd\" value=\"_s-xclick\">" ); ;
out.write( "<input type=\"image\" src=\"https://www." );
out.write( stage );
out.write( "paypal.com/en_US/i/btn/x-click-but23.gif\" border=\"0\" name=\"submit\" " );
out.write( "alt=\"Make payments with PayPal - it's fast, free and secure!\">" );
out.write( "<input type=\"hidden\" name=\"encrypted\" value=\"" );
out.write( result );
out.write( "\">" );
out.write( "</form>");
out.flush(); // Don't forget to flush!
out.close();
}
catch (UnsupportedEncodingException e) {
System.out.println(
"This VM does not support the ASCII character set."
);
}
catch (IOException e) {
System.out.println(e.getMessage());
}
}
}
catch (NoSuchAlgorithmException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
catch (NoSuchProviderException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
catch (IOException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
catch (CMSException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
catch (CertificateException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
catch (KeyStoreException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
catch (UnrecoverableKeyException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
catch (InvalidAlgorithmParameterException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
catch (CertStoreException e)
{
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
Edited : info about keys/certificates
编辑:有关密钥/证书的信息
I generated the Private Key and Public Certificate with OpenSSL via the following commands.
Private Key
openssl genrsa -out private-key.pem 1024
Public Certificate
openssl req -new -key private-key.pem -x509 -days 1095 -out public-cert.pem
Created PKCS12 File
openssl pkcs12 -export -in public-cert.pem -inkey private-key.pem -out my_pkcs12.p12
我通过以下命令使用 OpenSSL 生成了私钥和公共证书。
私钥
openssl genrsa -out private-key.pem 1024
公共证书
openssl req -new -key private-key.pem -x509 -days 1095 -out public-cert.pem
创建的 PKCS12 文件
openssl pkcs12 -export -in public-cert. pem -inkey private-key.pem -out my_pkcs12.p12
Additionally, I had to download the Paypal Public Certificate from the Paypal website.
此外,我必须从 Paypal 网站下载 Paypal 公共证书。
Edited - adding compilation warnings - BouncyCastle
编辑 - 添加编译警告 - BouncyCastle
C:\jakarta-tomcat\webapps\PlanB\WEB-INF\classes>javac .\palmb\servlets\paypal\ClientSide.java -Xlint
.\palmb\servlets\paypal\ClientSide.java:85: warning: [deprecation] addSigner(java.security.PrivateKey,java.security.cert.X509Certificate,java.lang.String) in org.bouncycastle.cms.CMSSignedDataGenerator has been deprecated
signedGenerator.addSigner( privateKey, certificate, CMSSignedDat
aGenerator.DIGEST_SHA1 );
^
.\palmb\servlets\paypal\ClientSide.java:88: warning: [unchecked] unchecked call
to add(E) as a member of the raw type java.util.ArrayList
certList.add(certificate);
^
.\palmb\servlets\paypal\ClientSide.java:90: warning: [deprecation] addCertificatesAndCRLs(java.security.cert.CertStore) in org.bouncycastle.cms.CMSSignedGenerat
or has been deprecated
signedGenerator.addCertificatesAndCRLs(certStore);
^
.\palmb\servlets\paypal\ClientSide.java:97: warning: [deprecation] generate(org.
bouncycastle.cms.CMSProcessable,boolean,java.lang.String) in org.bouncycastle.cm
s.CMSSignedDataGenerator has been deprecated
CMSSignedData signedData = signedGenerator.generate(cmsByteArray, true, "BC");
^
.\palmb\servlets\paypal\ClientSide.java:102: warning: [deprecation] addKeyTransR
ecipient(java.security.cert.X509Certificate) in org.bouncycastle.cms.CMSEnvelope
dGenerator has been deprecated
envGenerator.addKeyTransRecipient(payPalCert);
^
.\palmb\servlets\paypal\ClientSide.java:103: warning: [deprecation] generate(org.bouncycastle.cms.CMSProcessable,java.lang.String,java.lang.String) in org.bouncycastle.cms.CMSEnvelopedDataGenerator has been deprecated
CMSEnvelopedData envData = envGenerator.generate( new CMSProcess
ableByteArray(signed),
^
6 warnings
JCE policy file installation steps
JCE 策略文件安装步骤
These are the steps I took to installing the JCE Unlimited Strength Policy files:
1) Went to Java JCE DownloadPage on Oracle.
2) Extracted files from zip.
3) Placed local_policy.jar and US_export_policy.jar files in C:\Java\jdk1.6.0_22\jre\lib\security folder.
Note: C:\Java\jdk1.6.0_22 is set as %JAVA_HOME%
4) Updated system classpath to include location of jars.
Note: There are other files, that came with the JDK 1.6 within the security folder, including : java.policy, java.security, javaws.policy, trusted.libraries - but those probably have nothing to do with the JCE files, right?
这些是我安装 JCE Unlimited Strength Policy 文件所采取的步骤:
1) 前往Oracle 上的Java JCE 下载页面。
2) 从 zip 中提取的文件。
3) 将 local_policy.jar 和 US_export_policy.jar 文件放在 C:\Java\jdk1.6.0_22\jre\lib\security 文件夹中。
注意:C:\Java\jdk1.6.0_22 设置为 %JAVA_HOME%
4) 更新系统类路径以包含 jars 的位置。
注意:安全文件夹中还有 JDK 1.6 附带的其他文件,包括:java.policy、java.security、javaws.policy、trusted.libraries - 但这些可能与 JCE 文件无关,对吧?
Edit 6/23/2011 - results after further configuration
编辑 6/23/2011 - 进一步配置后的结果
I went to Bouncy Castle page at http://www.bouncycastle.org/specifications.html#install
Scroll down to 5.0 Bouncy Castle Providerthen read info under 5.1 Example. It makes mention of adding a parameter for the Bouncy Castle Provider to the java.securityfile. My file is under C:\Java\jdk1.6.0_22\jre\lib\security.
I added the following line to my file - security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
我去了http://www.bouncycastle.org/specifications.html#install 的Bouncy Castle 页面
向下滚动到5.0 Bouncy Castle Provider然后阅读5.1 Example下的信息。它提到将 Bouncy Castle Provider 的参数添加到java.security文件中。我的文件在 C:\Java\jdk1.6.0_22\jre\lib\security 下。
我将以下行添加到我的文件中 -security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
In addition, I discovered that I hadn't added the Bouncy Castle jars to the classpath, so I went ahead and did so.
此外,我发现我没有将 Bouncy Castle 罐子添加到类路径中,所以我继续这样做了。
Now after making these changes, recompiling and attempting to execute ClientSide.javaI'm given the same exception : but maybe the focus should be on the part of the exception where it says this about bouncycastle provider -
现在在进行这些更改后,重新编译并尝试执行ClientSide.java我得到了相同的异常:但也许重点应该放在异常的一部分上,它说的是关于 bouncycastle 提供者 -
at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.cryptData(Unknown Source)
at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source)
@PeteyB - I'm certain that I installed the policy files correctly. Based on what I've stated here, is there anything else you can suggest I try? Can you look at the Bouncy Castle site @ http://www.bouncycastle.org/specifications.html#installand see if there is something I'm missing?
@PeteyB - 我确定我正确安装了策略文件。根据我在这里所说的,你还有什么可以建议我尝试的吗?你能看看 Bouncy Castle 网站 @ http://www.bouncycastle.org/specifications.html#install看看是否有我遗漏的东西吗?
采纳答案by Petey B
So the problem must be with your JCE Unlimited Strength installation.
所以问题一定出在你的 JCE Unlimited Strength 安装上。
Be sure you overwrite the local_policy.jarand US_export_policy.jarin both your JDK's jdk1.6.0_25\jre\lib\security\and in your JRE's lib\security\folder.
确保你覆盖local_policy.jar,并US_export_policy.jar在这两个你的JDK的jdk1.6.0_25\jre\lib\security\,并在你的JRE的lib\security\文件夹中。
In my case I would place the new .jars in:
就我而言,我会将新的 .jars 放在:
C:\Program Files\Java\jdk1.6.0_25\jre\lib\security
C:\Program Files\Java\jdk1.6.0_25\jre\lib\security
and
和
C:\Program Files\Java\jre6\lib\security
C:\Program Files\Java\jre6\lib\security
If you are running Java 8and you encounter this issue. Below steps should help!
如果您正在运行Java 8并且遇到此问题。以下步骤应该会有所帮助!
Go to your JRE installation (e.g - jre1.8.0_181\lib\security\policy\unlimited) copy local_policy.jarand replace it with 'local_policy.jar' in your JDK installation directory (e.g - jdk1.8.0_141\jre\lib\security).
转到您的 JRE 安装(例如 - jre1.8.0_181\lib\security\policy\unlimited)复制local_policy.jar并将其替换为 JDK 安装目录中的“local_policy.jar”(例如 - jdk1.8.0_141\jre\lib \安全)。
回答by Petey B
The error seems to be thrown when you try and load they keystore from "C:/jakarta-tomcat/webapps/PlanB/Certs/my_pkcs12.p12" here:
当您尝试从“C:/jakarta-tomcat/webapps/PlanB/Certs/my_pkcs12.p12”加载它们的密钥库时,似乎会抛出错误:
ks.load( new FileInputStream(_privateKeyPath), _keyPass.toCharArray() );
Have you tried replaceing "/" with "\\" in your file path? If that doesn't help it probably has to do with Java's Unlimited Strength Jurisdiction Policy Files. You could check this by writing a little program that does AES encryption. Try encrypting with a 128 bit key, then if that works, try with a 256 bit key and see if it fails.
您是否尝试过将文件路径中的“/”替换为“\\”?如果这没有帮助,它可能与 Java 的 Unlimited Strength Jurisdiction Policy Files 有关。您可以通过编写一个执行 AES 加密的小程序来检查这一点。尝试使用 128 位密钥加密,然后如果可行,请尝试使用 256 位密钥并查看是否失败。
Code that does AES encyrption:
执行 AES 加密的代码:
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class Test
{
final String ALGORITHM = "AES"; //symmetric algorithm for data encryption
final String PADDING_MODE = "/CBC/PKCS5Padding"; //Padding for symmetric algorithm
final String CHAR_ENCODING = "UTF-8"; //character encoding
//final String CRYPTO_PROVIDER = "SunMSCAPI"; //provider for the crypto
int AES_KEY_SIZE = 256; //symmetric key size (128, 192, 256) if using 256 you must have the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files installed
private String doCrypto(String plainText) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, UnsupportedEncodingException
{
byte[] dataToEncrypt = plainText.getBytes(CHAR_ENCODING);
//get the symmetric key generator
KeyGenerator keyGen = KeyGenerator.getInstance(ALGORITHM);
keyGen.init(AES_KEY_SIZE); //set the key size
//generate the key
SecretKey skey = keyGen.generateKey();
//convert to binary
byte[] rawAesKey = skey.getEncoded();
//initialize the secret key with the appropriate algorithm
SecretKeySpec skeySpec = new SecretKeySpec(rawAesKey, ALGORITHM);
//get an instance of the symmetric cipher
Cipher aesCipher = Cipher.getInstance(ALGORITHM + PADDING_MODE);
//set it to encrypt mode, with the generated key
aesCipher.init(Cipher.ENCRYPT_MODE, skeySpec);
//get the initialization vector being used (to be returned)
byte[] aesIV = aesCipher.getIV();
//encrypt the data
byte[] encryptedData = aesCipher.doFinal(dataToEncrypt);
//initialize the secret key with the appropriate algorithm
SecretKeySpec skeySpecDec = new SecretKeySpec(rawAesKey, ALGORITHM);
//get an instance of the symmetric cipher
Cipher aesCipherDec = Cipher.getInstance(ALGORITHM +PADDING_MODE);
//set it to decrypt mode with the AES key, and IV
aesCipherDec.init(Cipher.DECRYPT_MODE, skeySpecDec, new IvParameterSpec(aesIV));
//decrypt and return the data
byte[] decryptedData = aesCipherDec.doFinal(encryptedData);
return new String(decryptedData, CHAR_ENCODING);
}
public static void main(String[] args)
{
String text = "Lets encrypt me";
Test test = new Test();
try {
System.out.println(test.doCrypto(text));
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchProviderException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
Does this code work for you?
这些代码在你那正常吗?
You might also want to try specifying your bouncy castle provider in this line:
您可能还想尝试在此行中指定您的充气城堡提供者:
Cipher.getInstance(ALGORITHM +PADDING_MODE, "YOUR PROVIDER");
And see if it could be an error associated with bouncy castle.
看看它是否可能是与充气城堡相关的错误。
回答by Petey B
If you are still recieving the InvalidKeyException when running my AES encryption program with 256 bit keys, but not with 128 bit keys, it is because you have not installed the new policy JAR files correctly, and has nothing to do with BouncyCastle (which is also restrained by those policy files). Try uninstalling, then re-installing java and then replaceing the old jar's with the new unlimited strength ones. Other than that, I'm out of ideas, best of luck.
如果您在使用 256 位密钥运行我的 AES 加密程序时仍然收到 InvalidKeyException 而不是使用 128 位密钥,那是因为您没有正确安装新的策略 JAR 文件,并且与 BouncyCastle(这也是受这些策略文件的约束)。尝试卸载,然后重新安装 java,然后用新的无限强度的 jar 替换旧的 jar。除此之外,我没有想法,祝你好运。
You can see the policy files themselves if you open up the lib/security/local_policy.jar and US_export_policy.jar files in winzip and look at the conatined *.policy files in notepad and make sure they look like this:
如果您在 winzip 中打开 lib/security/local_policy.jar 和 US_export_policy.jar 文件并查看记事本中包含的 *.policy 文件,并确保它们看起来像这样,您就可以看到策略文件本身:
default_local.policy:
default_local.policy:
// Country-specific policy file for countries with no limits on crypto strength.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};
default_US_export.policy:
default_US_export.policy:
// Manufacturing policy file.
grant {
// There is no restriction to any algorithms.
permission javax.crypto.CryptoAllPermission;
};
回答by Anil Verma
Add below code in your client code :
在您的客户端代码中添加以下代码:
static {
Security.insertProviderAt(new BouncyCastleProvider(),1);
}
with this there is no need to add any entry in java.security file.
有了这个,就不需要在 java.security 文件中添加任何条目。
回答by Divya S
I faced the same issue. Tried adding the US_export_policy.jarand local_policy.jarin the java security folder first but the issue persisted. Then added the below in java_optsinside tomcat setenv.shfile and it worked.
我遇到了同样的问题。尝试先在 java security 文件夹中添加US_export_policy.jar和local_policy.jar,但问题仍然存在。然后在java_opts里面的 tomcatsetenv.sh文件中添加了以下内容并且它起作用了。
-Djdk.tls.ephemeralDHKeySize=2048
Please check this linkfor further info
请检查此链接以获取更多信息
