1 Reply Latest reply on Jul 21, 2013 8:51 PM by sabre150

    Jdk 1.7 jce cipher init issue


      When the cipher is initialized (highlighted in red below) to  encrypt/decrypt some text, I get the below errors.The Key is 256 bit and uses AES algorithm and the unlimited policy strength files have been installed. Works on one system, but fails on a second one. Key is the same across the 2 systems. Not able to pin point what is different. Usually we encounter the "Illegal Key Size" exception if policy files are not installed, this one seems new and not sure abt the root cause. Any help is appreciated. Any other settings/config files need to be checked for ?


      We are trying to certify in jdk170_05_64. OS is Sun Solaris SPARC


      Exact below code works in Windows PC (able to encrypt/decrypt) and one other Sun Solaris system as well.




      Key Generation


      KeyGenerator kg = KeyGenerator.getInstance("AES");



      String key = new String (kg.generateKey().getEncoded());




      Cipher initialization


      cipher = Cipher.getInstance("AES");

      skeySpec = new SecretKeySpec(key.getBytes(), "AES");


      public String encrypt(String data){

              String lFuncName = "EncryptUil :: encrypt(): ";

              byte[] encryptedData = null;

              String encryptedFinal = "";



                  if(data!=null && data.length()>0){

                      cipher.init(Cipher.ENCRYPT_MODE, skeySpec,cipher.getParameters());

                      encryptedData = (cipher.doFinal(data.getBytes(UNICODE_FORMAT)));

                      encryptedFinal = new BASE64Encoder().encode(encryptedData);

                      encryptedFinal = new String(encryptedFinal);







      java.security.InvalidKeyException: Invalid key for AES

              at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:244)

              at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:175)

              at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:111)

              at sun.security.pkcs11.P11Cipher.engineGetKeySize(P11Cipher.java:872)

              at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1052)

              at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1023)

              at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1045)

              at javax.crypto.Cipher.init(Cipher.java:1476)

              at javax.crypto.Cipher.init(Cipher.java:1413)

              at EncryptUtil.encrypt(EncryptUtil.java:64)

              at TestSIT.main(TestSIT.java:19)

      Caused by: java.security.InvalidAlgorithmParameterException: Key length must be between 128 and 128 bits

              at sun.security.pkcs11.P11KeyGenerator.checkKeySize(P11KeyGenerator.java:131)

              at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:213)

              ... 10 more

        • 1. Re: Jdk 1.7 jce cipher init issue

          The source of your problem is most probably


          String key = new String (kg.generateKey().getEncoded());


          skeySpec = new SecretKeySpec(key.getBytes(), "AES");


          The key bytes are binary data and your code assumes that the transformation of the key bytes to a String and back gets back the original key bytes. Whether or not this will work will depend on the default character encoding of the computer.


          As you are finding out, String is not a valid container for binary data. You need to use a 100% guaranteed reversible transformation such as Base64.