How to over come "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error when invoking secured services
These "org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size or default parameters" or "java.security.InvalidKeyException:illegal Key Size" error usually occurs when we try to invoke a web services in a secured manner and your JVM is not provisioned for Java unlimited security jurisdiction.
To provision for the Java unlimited security jurisdiction we have to install Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.
How to Install JCE
- Go to the Oracle Java SE download page http://www.oracle.com/technetwork/java/javase/downloads/index.html
- Scroll down ... Under "Additional Resources" section you will find "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File"
- Download the version that matches your installed JVM E.g. UnlimitedJCEPolicyJDK7.zip
- Unzip the downloaded zip
- Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars will be already there so you have to overwrite them)
- Then restart your application to get rid of this exception.
Another solution ist to execute this:
ReplyDeletetry {
Field field = Class.forName("javax.crypto.JceSecurity").
getDeclaredField("isRestricted");
field.setAccessible(true);
field.set(null, java.lang.Boolean.FALSE);
} catch (Exception ex) {
ex.printStackTrace();
}
This is just Great! I was so tired to change them at every java update!
DeleteI am using java version 1.6.0_35, which doesn't have class javax.crypto.JceSecurity. Any equivalent class in 1.6.0_35 jce.jar?
DeleteMany thanks!
Many thanks!! It saves me a tremendous time and releases my stress from completing my task on time!
DeleteThanks Suho fro creating this blob too!!
Where do I paste that code?
DeleteCareful with this Reflection. USA doesn't like exporting high-grade encryption to some countries. Oracle's JCE might have export restrictions. If your code circumvents this in production-code you could cause trouble for yourself
DeleteHi Suho..
ReplyDeleteThanks you very much.. It helped me :)
-Sam
Helped! Much thanks.
ReplyDeletethanks
ReplyDeleteSo the script works and is running, now what?
ReplyDeleteHi, I just wanted to check if java 1.7.x supports JCE ? I am trying to install java with jce. Then after installing jdk should I follow the steps you gave me to finish this task ?
ReplyDeleteHi. Thank you very much. It worked!
ReplyDeleteHi, thanks for the help but I have another question how do I undo or reverse to the previous version of this thing :P
ReplyDeleteDoesn't work.
ReplyDeleteDownload from this link
ReplyDeletehttp://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Hello! This solution is Excellent!! Thank YOU Suhorish!
ReplyDeleteExcellent Solution!!!
ReplyDeleteThank You Suhorish!
I download JCE file but one thing I could not figure out how to put local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security. Foremost problem is how to find $JAVA_HOME/jre/lib/security. Please help urgent.
ReplyDeleteHi Manoj KC. $JAVA_HOME is nothing but the home directory of your jdk.It is the folder where you installed the jdk.most probably it in in C://Program Files/Java folder.
ReplyDeleteMany thanks bro
ReplyDeleteMany thanks ....
ReplyDeleteThanks a lot, It saved me a lot!!!
ReplyDeleteDo I put this at the beginning of my encryption code?
ReplyDeleteHi Suho, I really need your help. Do I need to restart my machine after adding the new JCE Provider for it to take effect?
ReplyDelete