14

When I run this code in Android it produces no errors, but when I run it in a standard Java program it produces the exception: java.security.InvalidKeyException: Illegal key size.

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec keySpec = new SecretKeySpec(CHUNK_ENCRYPTION_KEY.getBytes(), 0, 32, "AES");
IvParameterSpec initVector = new IvParameterSpec(AES_INITIALIZATION_VECTOR.getBytes(), 0 , 16);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, initVector);

CHUNK_ENCRYPTION_KEY is a 32 byte key hard-coded into the program. AES_INITIALIZATION_VECTOR is a 16 byte hard-coded initialization vector.

Does anyone know why it would work on Android and not on a Desktop?

Improve this question
4
  • Your question is missing a question mark. Commented Aug 1, 2011 at 15:29
  • @Hank I am facing similar issue. Did you solve this or not? Commented May 11, 2015 at 8:32
  • No, I was never able to solve this Commented May 11, 2015 at 16:35
  • Possible duplicate of InvalidKeyException Illegal key size Commented Mar 21, 2016 at 10:33

3 Answers 3

Reset to default
24

On a default desktop JVM installation (using the JRE or JDK from Sun/Oracle), AES is limited to 128-bit key size. This is a remnant of import/export laws on cryptographic software. To unlock the larger AES key sizes, you need to download and apply the "JCE Unlimited Strength Jurisdiction Policy Files" (see at the bottom of this page).

The key size restriction is enforced by the code within the Cipher class. Changing cryptographic providers (e.g. to one of the Bouncy Castle or IAIK providers) won't let you circumvent this restriction.

On an unrelated note, you do not want to use the raw getBytes() method on a String, because the result depends on the current locale (not everyone uses UTF-8 or even ASCII-compatible encodings). If you do want to represent your key as a literal string, at least use an explicit encoding, such as: CHUNK_ENCRYPTION_KEY.getBytes("UTF-8")

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

It's not stated clearly in README that "JCE Unlimited Strength Jurisdiction Policy Files" should be copied to jre inside your JDK, otherwise it would not work. Path for files should be: /path/to/jdk1.7.0_xx/jre/lib/security

Improve this answer

Comments

-1

Maybe your supplied KEY and Initialization Vector don't have 32 bytes, respectively 16 bytes length. You can also try to use the constructors that don't take the parameters the offset and length of the keys:

   SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
   IvParameterSpec ivSpec = new IvParameterSpec(iv);
Improve this answer

4 Comments

I checked the byte lengths when I convert them to byte arrays, and if I don't do the offset and length, it produces the same exception.
are you converting a Hex String to bytes?
yeah, my whole key string is consisted of 32 unicode characters.
I even tried changing it to a byte array, and it still doesn't work

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.