ErrorIllegal key size

ErrorIllegal key size

Java environment

java version "1.8.0_151"
Java(TM) SE Runtime Environment (build 1.8.0_151-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.151-b12, mixed mode)

Solution

There is one thing we did not mention before, that is, there are two directories /usr/local/java/jdk1.8.0_151/jre/lib/security/policy/below .

[root@djx-117106 policy]# pwd
/usr/local/java/jdk1.8.0_151/jre/lib/security/policy/
[root@djx-117106 policy]# ls -l
total 8
drwxr-xr-x 2 root root 4096 Nov  2 10:47 limited
drwxr-xr-x 2 root root 4096 Nov  2 10:47 unlimited
[root@djx-117106 policy]# ls -l ./limited/
total 8
-rw-r--r-- 1 root root 3405 Jul  4 19:41 local_policy.jar
-rw-r--r-- 1 root root 2920 Jul  4 19:41 US_export_policy.jar
[root@djx-117106 policy]# ls -l ./unlimited/
total 8
-rw-r--r-- 1 root root 2929 Jul  4 19:41 local_policy.jar
-rw-r--r-- 1 root root 2917 Jul  4 19:41 US_export_policy.jar

There is a  limited directory (that is, the package with restrictions on decryption, only supports 128 bits), and there is also a  ulimited directory (that is, the directory without restrictions).

Change source code

/usr/local/java/jdk1.8.0_151/jre/lib/security/ We   java.securitysee this in the document below.

# To support older JDK Update releases, the crypto.policy property
# is not defined by default. When the property is not defined, an
# update release binary aware of the new property will use the following
# logic to decide what crypto policy files get used :
#
# * If the US_export_policy.jar and local_policy.jar files are located
# in the (legacy) <java-home>/lib/security directory, then the rules
# embedded in those jar files will be used. This helps preserve compatibility
# for users upgrading from an older installation.
#
# * If crypto.policy is not defined and no such jar files are present in
# the legacy locations, then the JDK will use the limited settings
# (equivalent to crypto.policy=limited)
#
# Please see the JCA documentation for additional information on these
# files and formats.
#crypto.policy=unlimited

Note that the instructions below  (equivalent to crypto.policy=limited) are used by default  limited.
We only need to add  crypto.policy=unlimited. to make the default use unrestricted.

Replace Jar package

Replace  /usr/local/java/jdk1.8.0_151/jre/lib/security/policy/limitedthe path to the package. In fact, we can directly  /usr/local/java/jdk1.8.0_151/jre/lib/security/policy/unlimitedreplace the following  /usr/local/java/jdk1.8.0_151/jre/lib/security/policy/limited/ two packages with the following packages. That is to say, unrestricted jar packages are used by default.

Upgrade Java version

Java™ SE Development Kit 8, Update 161
writes in the official documentation,

security-libs/javax.crypto
 Unlimited cryptography enabled by default
The JDK uses the Java Cryptography Extension (JCE) Jurisdiction Policy files to configure cryptographic algorithm restrictions. Previously, the Policy files in the JDK placed limits on various algorithms. This release ships with both the limited and unlimited jurisdiction policy files, with unlimited being the default. The behavior can be controlled via the new 'crypto.policy' Security property found in the /lib/java.security file. Please refer to that file for more information on this property.

That is to say, from  1.8.0_161-b12 this version onwards, the unrestricted encryption algorithm will be used by default, that is,  unlimited the jar package below will be used. We can also  change this default value by setting the value of java.security the file  .crypto.policy