Tuesday, August 18, 2009

java.security.InvalidKeyException: Illegal key size or default parameters

Exception :
Caused by: org.apache.ws.security.WSSecurityException: Cannot encrypt data; nested exception is:
org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters
Original Exception was java.security.InvalidKeyException: Illegal key size or default parameters
at org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:567)
at org.apache.ws.security.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:454)
at org.apache.ws.security.message.WSSecEncrypt.encryptForInternalRef(WSSecEncrypt.java:351)
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:530)
... 12 more
Root Cause :
The default JDK ships with key size restrictions that limit the key size to 128.

If your security policy uses a key size larger than this, the above exception is thrown.

For example, if your security policy specifies the algorithm suite as Basic256, then the key size to be used is 256.

Solution :
You need to patch your JDK with Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

For JDK 1.5 download those from here and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) to $JAVA_HOME/jre/lib/security.

For JDK 1.6, policy files can be downloaded from here.

Notes :
If you are running your client through an IDE and you still get the above error after applying the provided solution, double check the JAVA_HOME set in that IDE and patch the corresponding JDK.
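
To confirm which JRE your client is actually running on and whether the policy files took effect there, the following check can be run from the same IDE or launcher as the client. It is an added example, not part of the original post; the class name PolicyCheck is hypothetical and the all-zero key is constructed only to exercise the policy check.

```java
import java.io.File;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added example: the class name PolicyCheck is hypothetical.
public class PolicyCheck {

    // Returns true if the running JRE lets a cipher be initialised
    // with an AES key of the given size.
    static boolean allows(int keyBits) throws Exception {
        // All-zero key, constructed only to test policy enforcement.
        SecretKeySpec key = new SecretKeySpec(new byte[keyBits / 8], "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (InvalidKeyException e) {
            // "Illegal key size or default parameters" is reported here.
            System.out.println("  AES-" + keyBits + " rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // The JRE in use; an IDE may point at a different one than your shell.
        String home = System.getProperty("java.home");
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + home);
        System.out.println("policy dir   = " + home + File.separator + "lib"
                + File.separator + "security");

        // 128 under the default policy; Integer.MAX_VALUE once the
        // unlimited strength policy files are in place.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key length = " + max);

        for (int bits : new int[] {128, 192, 256}) {
            System.out.println("AES-" + bits + " allowed: " + allows(bits));
        }
        if (max < 256) {
            System.out.println("Basic256 will fail on this JRE: patch the JDK shown above.");
        }
    }
}
```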

6 comments:

Senthil Kumar

Thanks for the Clear Description and it is timely Helpful. Thanks a lot.

SabarishReddy

I got the same exception after doing the suggested thing by you we got this error
javax.crypto.BadPaddingException: Given final block not properly padded

Please help us.

Harshana Eranga Martin

Hi Prabath,

Spot On!!

Patching the JDK and restarting the Service did solve the issue!! :)

Thanks a lot.

Thanks and Regards,
Harshana

muneer
This comment has been removed by the author.
muneer

I got the exception after doing the suggested thing by you, got this error -> Wrong IV length: must be 16 bytes long

Quinn Wong

Great, concise article. Thanks!
