Illegal Key Size - AES CBC Decryption

StackOverflow https://stackoverflow.com/questions/20153539

  •  04-08-2022
  •  | 
  •  

Pergunta

I am doing some simple encryption/decryption coding, and I am having a problem, which I cannot figure out by myself.

I have a ciphertext which is hex encoded. The ciphertext is AES with a block length of 128bits and a key length of 256bits. The cipher block mode is CBC. IV is the first block of the cipher text.

The Exception Message is Illegal Key Size.

Here is my decrypt() function:

public static byte[] decrypt() throws Exception
{
    try{
        byte[] ciphertextBytes = convertToBytes("cb12f5ca1bae224ad44fdff6e66f9a53e25f1000183ba5568958430c11c6eafc62c04de8bf27e0ac7104b598fb492142");
        byte[] keyBytes = convertToBytes("CFDC65CB003DD50FF5D6D826D62CF9CA6C64489D60CB02D18C1B58C636F8220D");
        byte[] ivBytes = convertToBytes("cb12f5ca1bae224a");

        SecretKey aesKey = new SecretKeySpec(keyBytes, "AES");

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
        cipher.init(Cipher.DECRYPT_MODE, aesKey, new IvParameterSpec(ivBytes));

        byte[] result = cipher.doFinal(ciphertextBytes);
        return result;
    }
    catch(Exception e)
    {
        System.out.println(e.getMessage());
    }
     return null;
}

And I have those functions to do the conversion String/ByteArray

    //convert ByteArray to Hex String
public static String convertToHex(byte[] byteArray)
{
    StringBuilder sb = new StringBuilder();
    for (byte b : byteArray)
    {
        sb.append(String.format("%02X", b));
    }
    return sb.toString();
}

//convert String to ByteArray
private static byte[] convertToBytes(String input) {
    int length = input.length();
    byte[] output = new byte[length / 2];

    for (int i = 0; i < length; i += 2) {
        output[i / 2] = (byte) ((digit(input.charAt(i), 16) << 4) | digit(input.charAt(i+1), 16));
    }
    return output;
}

Maybe you can help me. Thank you very much!

Foi útil?

Solução

You might have hit the key-size limit in Oracle JRE. From the linked document:

If stronger algorithms are needed (for example, AES with 256-bit keys), the JCE Unlimited Strength Jurisdiction Policy Files must be obtained and installed in the JDK/JRE.

It is the user's responsibility to verify that this action is permissible under local regulations.

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top