Jdk 1.7 jce cipher init issue

When the cipher is initialized (highlighted in red below) to encrypt/decrypt some text, I get the below errors. The key is 256 bit and uses the AES algorithm, and the unlimited policy strength files have been installed. Works on one system, but fails on a second one. Key is the same across the 2 systems. Not able to pinpoint what is different. Usually we encounter the "Illegal Key Size" exception if policy files are not installed; this one seems new and I am not sure about the root cause. Any help is appreciated. Do any other settings/config files need to be checked?
We are trying to certify in jdk170_05_64. OS is Sun Solaris SPARC.
Exact below code works in Windows PC (able to encrypt/decrypt) and one other Sun Solaris system as well.
---------------------------------------
Key Generation
    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(256);
    String key = new String(kg.generateKey().getEncoded());
---------------------------------------
Cipher initialization
    cipher = Cipher.getInstance("AES");
    skeySpec = new SecretKeySpec(key.getBytes(), "AES");

    public String encrypt(String data) {
        String lFuncName = "EncryptUil :: encrypt(): ";
        byte[] encryptedData = null;
        String encryptedFinal = "";
        try {
            if (data != null && data.length() > 0) {
                cipher.init(Cipher.ENCRYPT_MODE, skeySpec, cipher.getParameters());
                encryptedData = (cipher.doFinal(data.getBytes(UNICODE_FORMAT)));
                encryptedFinal = new BASE64Encoder().encode(encryptedData);
                encryptedFinal = new String(encryptedFinal);
            }
        }
    }
Exception
java.security.InvalidKeyException: Invalid key for AES
at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:244)
at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:175)
at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:111)
at sun.security.pkcs11.P11Cipher.engineGetKeySize(P11Cipher.java:872)
at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1052)
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1023)
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1045)
at javax.crypto.Cipher.init(Cipher.java:1476)
at javax.crypto.Cipher.init(Cipher.java:1413)
at EncryptUtil.encrypt(EncryptUtil.java:64)
at TestSIT.main(TestSIT.java:19)
Caused by: java.security.InvalidAlgorithmParameterException: Key length must be between 128 and 128 bits
at sun.security.pkcs11.P11KeyGenerator.checkKeySize(P11KeyGenerator.java:131)
at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:213)
... 10 more
Answers
The source of your problem is most probably
String key = new String (kg.generateKey().getEncoded());
and
skeySpec = new SecretKeySpec(key.getBytes(), "AES");
The key bytes are binary data and your code assumes that the transformation of the key bytes to a String and back gets back the original key bytes. Whether or not this will work will depend on the default character encoding of the computer.
As you are finding out, String is not a valid container for binary data. You need to use a 100% guaranteed reversible transformation such as Base64.
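
The round trip the answer describes, as an added example that is not part of the original thread: it pushes a 256-bit AES key through String in several charsets and through Base64, and reports whether the bytes survive. The class and method names are hypothetical, and java.util.Base64 assumes Java 8 or later (the thread's JDK 1.7 would need another Base64 codec).

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;

public class KeyRoundTrip {
    // The pattern from the question: key bytes -> String -> bytes, in a given charset.
    static byte[] viaString(byte[] raw, Charset cs) {
        return new String(raw, cs).getBytes(cs);
    }

    // Reversible text form: Base64 maps every byte value to printable ASCII and back.
    static byte[] viaBase64(byte[] raw) {
        String text = Base64.getEncoder().encodeToString(raw);
        return Base64.getDecoder().decode(text);
    }

    static void report(String label, byte[] raw, byte[] back) {
        System.out.printf("%-24s %3d bits, identical=%b%n",
                label, back.length * 8, Arrays.equals(raw, back));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        byte[] raw = kg.generateKey().getEncoded();   // 32 random bytes

        // UTF-8 replaces malformed sequences with U+FFFD (3 bytes when re-encoded),
        // so the array usually changes length. US-ASCII turns bytes >= 0x80 into '?',
        // keeping the length but changing the key. ISO-8859-1 maps each byte to one
        // char and is reversible, so the outcome depends on the host's default
        // charset, as the answer says.
        Charset[] charsets = { StandardCharsets.UTF_8, StandardCharsets.US_ASCII,
                StandardCharsets.ISO_8859_1, Charset.defaultCharset() };
        for (Charset cs : charsets) {
            report("String via " + cs.name(), raw, viaString(raw, cs));
        }

        byte[] restored = viaBase64(raw);
        report("Base64", raw, restored);

        // Build the key spec from bytes that are known to be intact.
        SecretKeySpec skeySpec = new SecretKeySpec(restored, "AES");
        System.out.println("key spec length: " + skeySpec.getEncoded().length * 8 + " bits");
    }
}
```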