Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4953554

SecurityException from javax.crypto.Cipher.init(int, Key) with invalid key

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Duplicate
    • Affects Version/s: 5.0
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description



      Name: iiR10263 Date: 11/13/2003



      The specification describes the following exceptions that are thrown
      by javax.crypto.Cipher.init(int, Key):

      Throws:
      InvalidKeyException - if the given key is inappropriate for
      initializing this cipher, or if this cipher is being initialized for
      decryption and requires algorithm parameters that cannot be determined
      from the given key, or if the given key has a keysize that exceeds the
      maximum allowable keysize (as determined from the configured
      jurisdiction policy files).

      The above means that InvalidKeyException should be thrown if a key
      belongs to invalid algorithm ("inappropriate to initialize").

      Unfortunately current implementation throws SecurityException when
      init(Cipher.ENCRYPT_MODE, (Key)...)
      is called for Cipher objects of the PBEWITHMD5ANDTRIPLEDES and DES
      algorithms.

      Please find the code example that reproduses the situation and exception stack
      trace below:

      import java.io.PrintWriter;
      import java.security.InvalidKeyException;
      import java.security.Key;
      import java.security.AlgorithmParameters;
      import java.security.spec.KeySpec;
      import javax.crypto.Cipher;
      import javax.crypto.spec.SecretKeySpec;

      public class e4 {
       
          public static void main(String argv[]) {
              Cipher c;
              AlgorithmParameters params = null;
              Key ik = new SecretKeySpec("Ugly key".getBytes(),
                  "IsThisAlgorithmIsUglyEnough?");

              //String alg = "DES";
              String alg = "PBEWITHMD5ANDTRIPLEDES";
              
              try {
                  c = Cipher.getInstance(alg);
                  
                  c.init(Cipher.ENCRYPT_MODE, ik);
                  
              } catch (InvalidKeyException e) {
              } catch (Exception e) {
                  e.printStackTrace(System.out);
              }
          }
      }

      java.lang.SecurityException: Unsupported keysize or algorithm parameters
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.init(DashoA6275)
              at javax.crypto.Cipher.init(DashoA6275)
              at e4.main(e4.java:23)


      java full version "1.5.0-beta-b26"
              
      ======================================================================

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              valeriep Valerie Peng
              Reporter:
              duke J. Duke (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: