Generating digital certificate:InvalidKeyException: Illegal key size

Question

Writing code to generate digital certificate

Here is the piece of code causing problem

 PBEKeySpec keySpec = new PBEKeySpec(password);

 SecretKeyFactory keyFactory = SecretKeyFactory
        .getInstance("PBEWITHMD5ANDTRIPLEDES"/* "PBEWithSHAAndTwofish-CBC" */);

 SecretKey key = keyFactory.generateSecret(keySpec);

 PBEParameterSpec paramSpec = new PBEParameterSpec(salt,
                    MD5_ITERATIONS);

Cipher cipher = Cipher.getInstance("PBEWITHMD5ANDTRIPLEDES");
            cipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);//here Ex.

byte[] ciphertext = cipher.doFinal(plaintext); 

Facing the exception

java.security.InvalidKeyException: Illegal key size
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1023)
    at javax.crypto.Cipher.implInit(Cipher.java:789)
    at javax.crypto.Cipher.chooseProvider(Cipher.java:848)
    at javax.crypto.Cipher.init(Cipher.java:1347)
    at javax.crypto.Cipher.init(Cipher.java:1281)
    at chapter4.GenSig.passwordEncrypt(GenSig.java:290)
    at chapter4.GenSig.generateKeyPair(GenSig.java:92)
    at chapter4.GenSig.main(GenSig.java:48)

As I tried to search on internet with the exception name ,Almost all solution said one solution (install JCE) add the below jars in security folder of jre and jdk i'm using

local_policy.jar
US_export_policy

Added those jar's and restarted my machine,Still the same issue and posting.

Let me know If you need further details.

FULL CODE HERE

Thanks for your time.

Answer 1

The error about an illegal key size is usually due to the restrictions in the policy files. Your found solutions are correct.

You said, that you added the files to the security folder. Adding is not correct. You must replace them, as they are already there. If you really added them, then something was wrong.

Additionally, take care of the Java version. The policy files differ, when being replaced for Java 6 or Java 7.

Last, but not least: You might not have copied the policy files to the correct folder. On my machine, I have both - Java 6 and Java 7 installed. So my program files directory contains the four folders jdk6, jre6, jdk7, jre7. A folder named jre also exists in the jdk6 and in the jdk7 folder. You should replace the policy files in all jre folders.

I also have several embedded jre folders on my disk. If you have that also ... replace the files there, too. And that is maybe a good solution for deployment: Add an embedded JRE, so you can replace whatever files you want in that JRE.

Answer 2

secretKeyFactory.getInstance(String algorithm) where the name is the algorithm has the AND as "And" and "TRIPLEDES" seems to be "DESede". So try PBEWithMD5AndDESede .

Also Java (by default) doesn't contain any actual implementations it directs the request to the underlying platform, so they are dependent on what is supported by your OS.