Java安全:非法密钥大小或默认参数? [英] Java Security: Illegal key size or default parameters?
问题描述
我之前曾问过一个关于此问题的问题,但它没有得到正确答案而且无处可去。
所以我已经澄清了关于这个问题的一些细节,我真的很想听听你如何解决这个问题或我应该尝试什么的想法。
我的Linux服务器上安装了 Java 1.6.0.12 ,下面的代码运行得非常完美。
'pre>
String键= av45k1pfb024xa3bl359vsb4esortvks74sksr5oy4s5serondry84jsrryuhsr5ys49y5seri5shrdliheuirdygliurguiy5ru;
try {
Cipher c = Cipher.getInstance(ARCFOUR);
SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(UTF-8),ARCFOUR);
c.init(Cipher.DECRYPT_MODE,secretKeySpec);
返回new String(c.doFinal(Hex.decodeHex(data.toCharArray())),UTF-8);
} catch(InvalidKeyException e){
抛出新的CryptoException(e);
}
今天我安装了 Java 1.6.0.26 服务器用户,当我尝试运行我的应用程序时,我得到以下异常。我的猜测是它与Java安装配置有关,因为它在第一个版本中有效,但在以后的版本中不起作用。
引起:java.security.InvalidKeyException:非法密钥大小或默认参数
at javax.crypto.Cipher.a(DashoA13 * ..)〜[na:1.6]
at javax.crypto.Cipher.a(DashoA13 * ..)〜[na:1.6]
at javax.crypto.Cipher.a(DashoA13 * ..)〜[na:1.6]
at javax .crypto.Cipher.init(DashoA13 * ..)〜[na:1.6]
at javax.crypto.Cipher.init(DashoA13 * ..)〜[na:1.6]
at my.package .Something.decode(RC4Decoder.java:25)〜[my.package.jar:na]
...省略了5个常见帧
第25行是:
c.init(Cipher.DECRYPT_MODE,secretKeySpec);
注意:
*服务器的 1.6.0.12 java目录中的java.security匹配几乎完全使用 1.6.0.26 java.security fi乐。第一个中没有其他提供者。
*上一个问题是这里。
很可能你没有无限强度文件现在安装。
您可能需要下载此文件:
Java密码术扩展(JCE)U无限强度管辖政策文件8下载(仅适用于Java 8 u162之前的版本)
从zip中提取jar文件并将其保存在 $ {java.home} / jre / lib / security / 。
I had asked a question about this earlier, but it didn't get answered right and led nowhere.
So I've clarified few details on the problem and I would really like to hear your ideas on how could I fix this or what should I try.
I have Java 1.6.0.12 installed on my Linux server and the code below runs just perfectly.
String key = "av45k1pfb024xa3bl359vsb4esortvks74sksr5oy4s5serondry84jsrryuhsr5ys49y5seri5shrdliheuirdygliurguiy5ru";
try {
Cipher c = Cipher.getInstance("ARCFOUR");
SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "ARCFOUR");
c.init(Cipher.DECRYPT_MODE, secretKeySpec);
return new String(c.doFinal(Hex.decodeHex(data.toCharArray())), "UTF-8");
} catch (InvalidKeyException e) {
throw new CryptoException(e);
}
Today I installed Java 1.6.0.26 on my server user and when I try to run my application, I get the following exception. My guess would be that it has something to do with the Java installation configuration because it works in the first one, but doesn't work in the later version.
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
at my.package.Something.decode(RC4Decoder.java:25) ~[my.package.jar:na]
... 5 common frames omitted
Line 25 is:
c.init(Cipher.DECRYPT_MODE, secretKeySpec);
Notes:
* java.security on server's 1.6.0.12 java directory matches almost completely with the 1.6.0.26 java.security file. There are no additional providers in the first one.
* The previous question is here.
Most likely you don't have the unlimited strength file installed now.
You may need to download this file:
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download (only required for versions before Java 8 u162)
Extract the jar files from the zip and save them in ${java.home}/jre/lib/security/.
这篇关于Java安全:非法密钥大小或默认参数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
