java.security.InvalidKeyException: What to do about "Illegal key size or default parameters"

Environment:
  - Red Hat Enterprise Linux Server release 6.3 (Santiago)
  - java version "1.7.0_79"

Event: InvalidKeyException occurs when the decryption process runs

An InvalidKeyException occurred when the process that decrypts the parameters sent from another server ran.

java.security.InvalidKeyException: Illegal key size or default parameters
        at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1011)
        at javax.crypto.Cipher.implInit(Cipher.java:786)
        at javax.crypto.Cipher.chooseProvider(Cipher.java:849)
        at javax.crypto.Cipher.init(Cipher.java:1213)
        at javax.crypto.Cipher.init(Cipher.java:1153)
...(abridged)...

Cause: (Java 8 and earlier) 256-bit AES keys cannot be used

In Java, the standard library's Cipher class lets you work with AES ciphers without third-party libraries. However, AES encryption seems to be subject to US export restrictions, and by default only keys up to 128 bits can be handled.
Source: "AES 256 cryptography in the Java 9 era" (Qiita)

Action: Replace the policy file

  1. From "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE Download", download the zip file that matches your Java version. This time it is Java 1.7, so download `UnlimitedJCEPolicyJDK7.zip`.
  2. Transfer the jars (`local_policy.jar` and `US_export_policy.jar`) from the unzipped directory to the server where they will be placed.
  3. Check the Java installation directory. This is obvious, but I wrote it down properly because the same version existed in two places and I placed the files in the wrong directory. See "How to find the Java installation directory when you don't know it" (Qiita).
  4. Make a backup of the `local_policy.jar` and `US_export_policy.jar` located in `{java installation directory}/jre/lib/security/`.
  5. Place the jars from the unzipped directory in `{java installation directory}/jre/lib/security/`.

#Transfer the jars to the server where they will be placed
$ scp -i /path/to/{Private key}.pem /path/to/zip/UnlimitedJCEPolicy/*.jar ponsuke@{server}:/home/ponsuke/
local_policy.jar      100% 2500    12.2KB/s   00:00
US_export_policy.jar  100% 2487    12.1KB/s   00:00

#Log in to the server
$ ssh -i /path/to/{Private key}.pem ponsuke@{server}
Last login: Thu May 14 20:56:50 2020 from 10.0.1.10

#Check the Java installation directory
$ printenv JAVA_HOME
/usr/java/default

#Back up the jar
$ cd $JAVA_HOME/jre/lib/security/
$ sudo mv local_policy.jar local_policy.jar.bak
[sudo] password for ponsuke:
$ sudo mv US_export_policy.jar US_export_policy.jar.bak

#Place the jars from the unzipped directory
$ sudo mv /home/ponsuke/*.jar .
$ ls -la | grep jar
-rw-r--r--  1 ponsuke appl 2487 May 14 21:36 2020 US_export_policy.jar
-rw-r--r--. 1 root    root 2397 April 11 03:55 2015 US_export_policy.jar.bak
-rw-r--r--  1 ponsuke appl 2500 May 14 21:36 2020 local_policy.jar
-rw-r--r--. 1 root    root 2865 April 11 03:55 2015 local_policy.jar.bak
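
To confirm that the replaced policy files are the ones the JVM actually loads, the following check can be run on the server. It is an added example, not code from the original post; the class name `JcePolicyCheck` and the sample plaintext are assumptions made for illustration. It is written to compile on Java 7.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (hypothetical class name): reports whether the running JRE
// accepts 256-bit AES keys after the policy jars were replaced.
public class JcePolicyCheck {

    // Encrypts and decrypts a constructed sample with a random key of the given size.
    static boolean roundTrip(int keyBits) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] key = new byte[keyBits / 8];
        byte[] iv = new byte[16];
        rnd.nextBytes(key);
        rnd.nextBytes(iv);
        SecretKeySpec spec = new SecretKeySpec(key, "AES");
        byte[] plain = "constructed sample".getBytes("UTF-8");
        try {
            Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
            enc.init(Cipher.ENCRYPT_MODE, spec, new IvParameterSpec(iv));
            byte[] ct = enc.doFinal(plain);
            Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
            dec.init(Cipher.DECRYPT_MODE, spec, new IvParameterSpec(iv));
            return Arrays.equals(plain, dec.doFinal(ct));
        } catch (InvalidKeyException e) {
            // Same failure as the stack trace above: the policy rejects the key size.
            System.out.println("AES-" + keyBits + " rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // java.home shows which installation this JVM runs from (two may exist).
        System.out.println("java.home = " + System.getProperty("java.home"));
        // Integer.MAX_VALUE means the unlimited policy is active;
        // 128 is the limit under the default limited policy.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES key bits = "
                + (max == Integer.MAX_VALUE ? "unlimited" : String.valueOf(max)));
        System.out.println("AES-128 round trip: " + roundTrip(128));
        System.out.println("AES-256 round trip: " + roundTrip(256));
        // Exit non-zero while 256-bit keys are still blocked, so a deploy script can gate on it.
        System.exit(max >= 256 ? 0 : 1);
    }
}
```

Run it with the same `java` binary the application uses, because a second installation of the same version has its own `jre/lib/security/` directory and its own policy files.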
