From: http://charithaka.blogspot.com/2008/08/how-to-avoid-javasecurityinvalidkeyexce.html
"java.security.InvalidKeyException:illegal Key Size" error is a common issue which occurs when you try to invoke a secured web service in an environment where the provision for java unlimited security jurisdiction is not done.
This can be avoided by installing Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.1. Suppose you are using jdk15. Go to http://java.sun.com/javase/downloads/index_jdk5.jsp
2. Go to the Other Downloads section and click on download link next to "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0"
3. Download jce_policy-1_5_0.zip and extract it in to a directory.
4. You will find local_policy.jar and US_export_policy.jar files there in the extracted directory. Copy these two files to $JAVA_HOME/jre/lib/security directory. (These files will already be there. you may replace them)
5. Restart WSO2 WSAS and invoke your secured service again. You will not encounter the "invalidkeyException" any more.