一、发现现象
在用Java编写一个项目时,使用了AES作为数据库某些字段的加密方式,在Windows上正常运行,在Linux上调用AWS加密,抛出异常:No installed provider supports this key: javax.crypto.spec.SecretKeySpec
二、问题根源
Java的政策文件限制了密钥长度。
JCE(Java Cryptography Extension)是Java的加密扩展包,由于美国对某些国家有进出口限制,因此低版本Java默认限制了密钥长度,比如AES加密只能使用16位AES-128,超过16位就会报这个错。Unlimited Strength Java Cryptography Extension
Due to import control restrictions for some countries, the Java Cryptography Extension (JCE) policy files shipped with the JDK and the JRE allow strong but limited cryptography to be used. These files are located at: /lib/security/local_policy.jar /lib/security/US_export_policy.jar where is the jre directory of the JDK or the top-level directory of the JRE.
An unlimited strength version of these files indicating no restrictions on cryptographic strengths is available on the JDK web site for those living in el