AES的256位密钥加解 Windows正常,linux上报错 java.security.InvalidKeyException: Illegal key size
异常原因:如果密钥大于128, 会抛出java.security.InvalidKeyException: Illegal key size 异常. 因为密钥长度是受限制的, java运行时环境读到的是受限的policy文件. 文件位于${java_home}/jre/lib/security, 这种限制是因为美国对软件出口的控制.
jdk8 和 java9 之后,$JAVA_HOME/jre/lib/security路径下 的 policy 的文件夹有相应的 带限制的jar包 和 不带限制的jar包
"local_policy.jar" 和 "US_export_policy.jar",也有对应的配置文件 java.security,放开#crypto.policy=unlimited的#号,重启下java工程就可以解决了
帖子:
Since Java 9 and Java 8u151 there's no need to download and manually install jurisdiction policy files anymore. To enable unlimited cryptography, one can use the new crypto.policy Security property. If the new Security property (crypto.policy) is set in the java.security file, or has been set dynamically by using the Security.setProperty() call before the JCE framework has been initialized, that setting will be honored. By default, the property will be undefined.
https://stackoverflow.com/questions/6481627/java-security-illegal-key-size-or-default-parameters
相对路径 /jdk1.8.0_191/jre/lib/security
$JAVA_HOME/jre/lib/security
以下是java.security中截取的,最后一行有相应的配置
# Cryptographic Jurisdiction Policy defaults
#
# Import and export control rules on cryptographic software vary from
# country to country. By default, the JDK provides two different sets of
# cryptographic policy files:
#
# unlimited: These policy files contain no restrictions on cryptographic
# strengths or algorithms.
#
# limited: These policy files contain more restricted cryptographic
# strengths, and are still available if your country or
# usage requires the traditional restrictive policy.
#
# The JDK JCE framework uses the unlimited policy files by default.
# However the user may explicitly choose a set either by defining the
# "crypto.policy" Security property or by installing valid JCE policy
# jar files into the traditional JDK installation location. To better
# support older JDK Update releases, the "crypto.policy" property is not
# defined by default. See below for more information.
#
# The following logic determines which policy files are used:
#
# <java-home> refers to the directory where the JRE was
# installed and may be determined using the "java.home"
# System property.
#
# 1. If the Security property "crypto.policy" has been defined,
# then the following mechanism is used:
#
# The policy files are stored as jar files in subdirectories of
# <java-home>/lib/security/policy. Each directory contains a complete
# set of policy files.
#
# The "crypto.policy" Security property controls the directory
# selection, and thus the effective cryptographic policy.
#
# The default set of directories is:
#
# limited | unlimited
#
# 2. If the "crypto.policy" property is not set and the traditional
# US_export_policy.jar and local_policy.jar files
# (e.g. limited/unlimited) are found in the legacy
# <java-home>/lib/security directory, then the rules embedded within
# those jar files will be used. This helps preserve compatibility
# for users upgrading from an older installation.
#
# 3. If the jar files are not present in the legacy location
# and the "crypto.policy" Security property is not defined,
# then the JDK will use the unlimited settings (equivalent to
# crypto.policy=unlimited)
#
# Please see the JCA documentation for additional information on these
# files and formats.
#
# YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
# TO DETERMINE THE EXACT REQUIREMENTS.
#
# Please note that the JCE for Java SE, including the JCE framework,
# cryptographic policy files, and standard JCE providers provided with
# the Java SE, have been reviewed and approved for export as mass market
# encryption item by the US Bureau of Industry and Security.
#
# Note: This property is currently used by the JDK Reference implementation.
# It is not guaranteed to be examined and used by other implementations.
#
crypto.policy=unlimitedSecurity.setProperty("crypto.policy", "unlimited");
3146
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
