Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4955140

SecurityException for javax.crypto.Cipher.init(int, Key) for

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Duplicate
    • Affects Version/s: 5.0
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description



      Name: iiR10263 Date: 11/17/2003



      The specification describes the following exceptions that are thrown
      by javax.crypto.Cipher.init(int, Key):

      Throws:
      InvalidKeyException - if the given key is inappropriate for
      initializing this cipher, or if this cipher is being initialized for
      decryption and requires algorithm parameters that cannot be determined
      from the given key, or if the given key has a keysize that exceeds the
      maximum allowable keysize (as determined from the configured
      jurisdiction policy files).

      The above means that if a Key argument is inappropriate for some
      reason (for example it contradicts system policy)
      InvalidKeyException should be thrown.

      Unfortunately current implementation throws SecurityException when
      init(Cipher.ENCRYPT_MODE, (Key)...)
      is called for Cipher objects of the BLOWFISH algorithm when a key is
      too long.

      Please find the code example that reproduses the situation and exception stack
      trace below:

      import java.io.PrintWriter;
      import java.security.*;
      import javax.crypto.*;

      public class e6 {
       
          public static void main(String argv[]) {
              Key k;
              Cipher c;
              AlgorithmParameters params = null;
              
              String alg = "BLOWFISH";
              
              try {
                  int kl = Cipher.getMaxAllowedKeyLength(alg);

                  if (kl != Integer.MAX_VALUE) {
                      
                      int l = kl + 8;
                      
                      KeyGenerator kg = KeyGenerator.getInstance(alg);
              
                      kg.init(l);

                      k = kg.generateKey();
                     
                      c = Cipher.getInstance(alg);
                  
                      try {
                          c.init(Cipher.ENCRYPT_MODE, k);
                          
                          System.out.println("Where is my exception?");
                      } catch (InvalidKeyException e) {
                      }
                  }
              } catch (Exception e) {
                  e.printStackTrace(System.out);
              }
          }
      }

      java.lang.SecurityException: Unsupported keysize or algorithm parameters
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.init(DashoA6275)
              at javax.crypto.Cipher.init(DashoA6275)
              at e6.main(e6.java:30)


      java full version "1.5.0-beta-b28"

      ======================================================================

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                valeriep Valerie Peng
                Reporter:
                duke J. Duke (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: