首页 > 代码库 > java.security.InvalidKeyException: Illegal key size or default parameters
java.security.InvalidKeyException: Illegal key size or default parameters
做CA认证 生成证书时候出错,后来发现是 秘钥长度太长了,怎么会有这个问题呢,看下面的:
参考网址 : http://open.eucalyptus.com/forum/illegal-key-size
http://ksgimi.iteye.com/blog/1584716
异常:
EjbcaException_Exception: exception encrypting data - java.security.InvalidKeyException: Illegal key size
分析:
这种限制是因为美国对软件出口的控制。
所以下载匹配的jce_policy ,替换jdk安装目录下 jdk1.* \jre\lib\security 中的 local_policy.jar 和 US_export_policy.jar 两个jar包。(不主要)
替换jdk安装目录下 jre* \lib\security 中的 local_policy.jar 和 US_export_policy.jar 两个jar包。(主要)
注 :* 是版本号
I was working on webservice call where my code was breaking in RAD during decrypting the password of keystore. I encountered below error:
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
There are key size restrictions with the default crypto files local_policy.jar and US_export_policy.jar comes with JDK – which limits it to 128. If your security policy using a key size larger than this – then the above exception is thrown.
For example – if your security policy specifies the algorithmic suite as Basic256 – then the key size to be used is 256.
For the solution of above issue, you need to patch your JDK with Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
For JDK1.5 visit, download the crypto files and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) to $JAVA_HOME/jre/lib/security.
For JDK1.6 visit
If your IDE using it’s own specific JDK then patch that as well with these files to resolve the issue.