InvalidKeyException非法密钥大小 [英] InvalidKeyException Illegal key size
问题描述
我的测试在我的开发MacBook Pro上运行良好,但无法在持续集成的TeamCity服务器中运行。
I have a test which runs great on my development MacBook Pro, but fails to run in continuous integration TeamCity server.
错误如下:
java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
开发盒和TeamCity都使用Java 1.6,我使用BouncyCastle库来满足特殊AES加密的需要。
Both development box and TeamCity uses Java 1.6 and I use BouncyCastle library for the need of special AES encryption.
代码如下:
private byte[] aesEncryptedInfo(String info) throws UnsupportedEncodingException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidParameterSpecException, InvalidAlgorithmParameterException, NoSuchProviderException {
Security.addProvider(new BouncyCastleProvider());
SecretKey secret = new SecretKeySpec(CUSTOMLONGSECRETKEY.substring(0, 32).getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, secret, new IvParameterSpec(VECTOR_SECRET_KEY.getBytes()));
return cipher.doFinal(info.getBytes("UTF-8"));
}
更新
看起来根据所选答案,我必须在我的TeamCity安装上修改一些东西,这可能会影响一些用户安装 - 所以它不是一个好选择我必须切换到另一个加密库来做到这一点限制。因此,充气城堡可能会有所帮助。
Looks like according to the selected answer I have to modify something on my TeamCity installation and it will possibly affect some user installations - so its not a good choice I have to switch to another crypto library to do that without limitations. So probably bouncy castle will help.
更新2
我实际上切换到使用BouncyCastle来避免这种限制。请注意,这仅适用于直接使用自己的BC类,而不是BC提供程序。
I actually switched to use BouncyCastle to avoid this limitation. Note this only works if you use own BC classes directly, not the BC provider.
推荐答案
此错误表示您的Java虚拟机根据美国出口法律,使用仅允许受限密码密钥大小的策略。
This error means that your Java virtual machine uses a policy that only allows restricted cryptography key sizes due to US export laws.
无限强度管辖权政策文件包含在Java 9中并默认使用(请参阅 Java 9迁移指南中的安全更新)。
The Unlimited Strength Jurisdiction Policy Files are included with Java 9 and used by default (see Security Updates in the Java 9 Migration Guide).
如果使用Java 9出现此错误,这可能意味着策略配置已更改为更具限制性的策略(有限),请参阅迁移指南中的说明:
If you get this error with Java 9, it might mean the policy configuration has been changed to a more restrictive policy (limited), see the instructions from the migration guide:
JCE管辖权政策文件默认为无限
如果您的应用程序以前需要Java Cryptography
扩展(JCE)无限强度管辖政策文件,然后您
不再需要下载或安装它们。它们包含在
JDK中并默认激活。
If your application previously required the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files, then you no longer need to download or install them. They are included in the JDK and are activated by default.
如果您的国家/地区或用法需要更严格的政策,则
限制Java加密策略文件仍然可用。
If your country or usage requires a more restrictive policy, the limited Java cryptographic policy files are still available.
如果您有任何默认提供的策略
文件未满足的要求,那么您可以自定义这些策略文件
以满足您的需求。
If you have requirements that are not met by either of the policy files provided by default, then you can customize these policy files to meet your needs.
请参阅
中的 crypto.policy 安全属性< java-home> /conf/security/java.security 文件,或
加密强度配置 ,
标准版安全开发人员指南。
See the crypto.policy Security property in the
<java-home>/conf/security/java.security file, or
Cryptographic Strength Configuration in the Java Platform,
Standard Edition Security Developer's Guide.
Java 8及更早版本
Java 8 Update 161及更高版本
开始使用Java 8 Update 161,Java 8默认使用无限强度管辖区策略。如果收到此错误,则表明配置已更改为 limited 。请参阅下一节Java 8 Update 151或Java 9上一节中的说明,将其更改回 unlimited 。
Java 8 and earlier
Java 8 Update 161 and higher
Starting with Java 8 Update 161, Java 8 defaults to the Unlimited Strength Jurisdiction Policy. If you receive this error, it could indicate the configuration has been changed to limited. See instructions in the next section on Java 8 Update 151, or the previous section on Java 9, for changing this back to unlimited.
从Java 8 Update 151开始,无限强度管辖权策略包含在Java 8中,但默认情况下不使用。要启用它,您需要在< java_home> / jre / lib / security 中编辑 java.security 文件(对于JDK)或< java_home> / lib / security (对于JRE)。取消注释(或包括)该行
Starting with Java 8 Update 151, the Unlimited Strength Jurisdiction Policy is included with Java 8 but not used by default. To enable it, you need to edit the java.security file in <java_home>/jre/lib/security (for JDK) or <java_home>/lib/security (for JRE). Uncomment (or include) the line
crypto.policy=unlimited
确保使用以管理员身份运行的编辑器编辑文件。
Make sure you edit the file using an editor run as administrator.
策略更改仅在以后生效重新启动JVM(这对于长期运行的服务器进程(如Tomcat)尤为重要。)
The policy change only takes effect after restarting the JVM (this is especially important for long-running server processes like Tomcat).
为了向后兼容,安装策略文件将在下一节中介绍,还有。
For backwards compatibility, installing the policy files as documented in the next section will still work as well.
对于Java 8 Update 144及更早版本,您需要安装Java密码术扩展(JCE)无限强度管辖权政策文件(可从 Oracle <获取/ a>)。
For Java 8 Update 144 and earlier, you need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (available at Oracle).
要安装这些文件(从下载中的 README.txt ):
To install these files (from the README.txt in the download):
-
下载无限强度的JCE策略文件。
Download the unlimited strength JCE policy files.
解压缩并解压缩下载的文件。
Uncompress and extract the downloaded file.
这将创建一个名为jce的子目录。
此目录包含以下文件:
This will create a subdirectory called jce. This directory contains the following files:
README.txt This file
local_policy.jar Unlimited strength local policy file
US_export_policy.jar Unlimited strength US export policy file
安装无限制强度策略JAR文件。
Install the unlimited strength policy JAR files.
如果您以后决定恢复原始的强但
限制策略版本,请首先制作原始JCE的副本
策略文件(US_export_policy.jar和local_policy.jar)。然后
用上一步中提取的无限强度
版本替换强策略文件。
In case you later decide to revert to the original "strong" but limited policy versions, first make a copy of the original JCE policy files (US_export_policy.jar and local_policy.jar). Then replace the strong policy files with the unlimited strength versions extracted in the previous step.
JCE管辖区域策略JAR文件的标准位置是:
The standard place for JCE jurisdiction policy JAR files is:
<java-home>/lib/security [Unix]
<java-home>\lib\security [Windows]
注意JDK它在jre / lib / security中。
Note for the JDK it is in jre/lib/security.
新策略文件仅在重新启动JVM后生效(这一点尤其重要对于长期运行的服务器进程,如Tomcat)。
The new policy file only takes effect after restarting the JVM (this is especially important for long-running server processes like Tomcat).
这篇关于InvalidKeyException非法密钥大小的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
