Java 安全性:非法密钥大小或默认参数? [英] Java Security: Illegal key size or default parameters?
问题描述
我之前问过一个关于这个的问题,但没有得到正确的回答,而且一无所获.
I had asked a question about this earlier, but it didn't get answered right and led nowhere.
所以我已经澄清了有关该问题的一些细节,我真的很想听听您关于如何解决此问题或我应该尝试什么的想法.
So I've clarified few details on the problem and I would really like to hear your ideas on how could I fix this or what should I try.
我的 Linux 服务器上安装了 Java 1.6.0.12,下面的代码运行得非常完美.
I have Java 1.6.0.12 installed on my Linux server and the code below runs just perfectly.
String key = "av45k1pfb024xa3bl359vsb4esortvks74sksr5oy4s5serondry84jsrryuhsr5ys49y5seri5shrdliheuirdygliurguiy5ru";
try {
Cipher c = Cipher.getInstance("ARCFOUR");
SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "ARCFOUR");
c.init(Cipher.DECRYPT_MODE, secretKeySpec);
return new String(c.doFinal(Hex.decodeHex(data.toCharArray())), "UTF-8");
} catch (InvalidKeyException e) {
throw new CryptoException(e);
}
今天,我在服务器用户上安装了 Java 1.6.0.26,当我尝试运行我的应用程序时,出现以下异常.我的猜测是它与 Java 安装配置有关,因为它在第一个版本中有效,但在更高版本中无效.
Today I installed Java 1.6.0.26 on my server user and when I try to run my application, I get the following exception. My guess would be that it has something to do with the Java installation configuration because it works in the first one, but doesn't work in the later version.
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
at my.package.Something.decode(RC4Decoder.java:25) ~[my.package.jar:na]
... 5 common frames omitted
第 25 行 是:c.init(Cipher.DECRYPT_MODE, secretKeySpec);
注意事项:
* 服务器1.6.0.12 java 目录上的java.security 几乎与1.6.0.26 java.security 文件完全匹配.第一个中没有其他提供者.
* 上一个问题是此处.
Notes:
* java.security on server's 1.6.0.12 java directory matches almost completely with the 1.6.0.26 java.security file. There are no additional providers in the first one.
* The previous question is here.
推荐答案
很可能您现在没有安装无限强度文件.
Most likely you don't have the unlimited strength file installed now.
您可能需要下载此文件:
You may need to download this file:
Java 加密扩展 (JCE) 无限强度管辖权政策文件 7 下载
Java 加密扩展 (JCE) 无限强度管辖权政策文件 8 下载(仅 Java 8 u162 之前的版本需要)
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download (only required for versions before Java 8 u162)
从 zip 中提取 jar 文件并将它们保存在 ${java.home}/jre/lib/security/ 中.
Extract the jar files from the zip and save them in ${java.home}/jre/lib/security/.
这篇关于Java 安全性:非法密钥大小或默认参数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
