InvalidKeyException: Illegal Key Size
Problem:
When running continuous integration tests on a TeamCity server, a "java.security.InvalidKeyException: Illegal key size" error occurs. The code uses BouncyCastle for AES encryption and works correctly on a development MacBook Pro with Java 1.6.
Cause:
The Java virtual machine restricts key sizes due to US export laws.
Solution:
Java 9 and Higher
- The Unlimited Strength Jurisdiction Policy Files are included by default and activated. If the error persists, it indicates a more restrictive policy configuration.
Java 8 and Earlier
Java 8 Update 161 and Higher
- Java 8 defaults to the Unlimited Strength Jurisdiction Policy. If the error occurs, check the configuration as it may have been changed to limited.
Java 8 Update 151 and Higher
- Edit the java.security file to uncomment or add the line "crypto.policy=unlimited" to enable the Unlimited Strength Jurisdiction Policy.
- Restart the JVM after making changes.
Before Java 8 Update 151
- Install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files provided by Oracle.
- Replace the original "strong" policy files with the unlimited strength versions.
- Restart the JVM after installation.
Additional Considerations:
- BouncyCastle can be used to avoid this limitation, but only if the custom BC classes are used directly, not through the BC provider.
- Using the Unlimited Strength Jurisdiction Policy may violate US export laws. Consider consulting local legal counsel or Oracle for guidance.
The above is the detailed content of How to Resolve 'java.security.InvalidKeyException: Illegal Key Size' Errors in Java?. For more information, please follow other related articles on the PHP Chinese website!