Invalid AES key length. jwk-gen creating wrong key


newbee

Jul 25, 2018, 7:11:25 AM
to CAS Community
Hello,

I am generating an encryption key of size 16 using the following command.

java -jar jwk-gen.jar -t oct -s 16

Full key:
{
  "kty": "oct",
  "kid": "1532516160",
  "k": "6vI"
}

Then I am providing the generated key to CAS as below:

cas.webflow.crypto.encryption.key=6vI

I suspected the generated key was not the right size. And as expected, when I run the cas.war file I see the error below.

2018-07-25 10:21:34,038 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'viewLoginForm' of flow 'login'] with root cause>
java.security.InvalidKeyException: Invalid AES key length: 3 bytes
 at com.sun.crypto.provider.AESCipher.engineGetKeySize(AESCipher.java:495) ~[sunjce_provider.jar:1.8.0_71]
 at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1067) ~[?:1.8.0_71]
 at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1038) ~[?:1.8.0_71]
 at javax.crypto.Cipher.implInit(Cipher.java:805) ~[?:1.8.0_71]
 at javax.crypto.Cipher.chooseProvider(Cipher.java:864) ~[?:1.8.0_71]
 at javax.crypto.Cipher.init(Cipher.java:1396) ~[?:1.8.0_71]
 at javax.crypto.Cipher.init(Cipher.java:1327) ~[?:1.8.0_71]
 at org.apache.shiro.crypto.JcaCipherService.init(JcaCipherService.java:488) ~[shiro-core-1.4.0.jar!/:1.4.0]
 at org.apache.shiro.crypto.JcaCipherService.initNewCipher(JcaCipherService.java:598) ~[shiro-core-1.4.0.jar!/:1.4.0]
 at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:444) ~[shiro-core-1.4.0.jar!/:1.4.0]
 at org.apache.shiro.crypto.JcaCipherService.encrypt(JcaCipherService.java:324) ~[shiro-core-1.4.0.jar!/:1.4.0]
 at org.apache.shiro.crypto.JcaCipherService.encrypt(JcaCipherService.java:313) ~[shiro-core-1.4.0.jar!/:1.4.0]
 at org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.encode(BaseBinaryCipherExecutor.java:71) ~[cas-server-core-util-5.2.5.jar!/:5.2.5]
 at org.apereo.cas.util.cipher.BaseBinaryCipherExecutor.encode(BaseBinaryCipherExecutor.java:29) ~[cas-server-core-util-5.2.5.jar!/:5.2.5]


Where is the problem? Is it with jwk-gen.jar? or is it with CAS?

I am using CAS 5.2.3 and I got the jwk-gen.jar using this command - wget https://raw.githubusercontent.com/apereo/cas/master/etc/jwk-gen.jar

PLEASE HELP.

Danny

Jul 25, 2018, 11:31:28 AM
to CAS Community
I believe that CAS key size properties are bytes and jwk-gen.jar uses bits, so you would want -s 128

Govind Lohiya

Jul 26, 2018, 4:32:49 AM
to cas-...@apereo.org
You are right. Thanks a lot.

Wonder how I missed this. Is this mentioned anywhere in the documentation please?

--
Thanks and Regards,
Govind R Lohiya
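
An added example, not part of the thread and not CAS or jwk-gen code: a Python check of the units discussed above. `make_oct_jwk` is a hypothetical stand-in for `jwk-gen -t oct -s`, assuming (as the answer states) that the size is in bits; `key_report` measures a `k` value both base64url-decoded and as literal characters, since the 3-byte length in the error matches the three characters of `6vI`.

```python
import base64
import secrets

AES_KEY_BYTES = (16, 24, 32)  # AES-128, AES-192, AES-256


def b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url, the encoding of an oct JWK's "k" member (RFC 7518)."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def make_oct_jwk(bits: int) -> dict:
    """Hypothetical stand-in for `jwk-gen -t oct -s <bits>`: size is taken in bits."""
    if bits <= 0 or bits % 8:
        raise ValueError("size must be a positive multiple of 8 bits")
    raw = secrets.token_bytes(bits // 8)
    return {"kty": "oct", "k": base64.urlsafe_b64encode(raw).rstrip(b"=").decode()}


def key_report(k: str) -> dict:
    """Report key length for both ways a consumer might read the configured string."""
    decoded = len(b64url_decode(k))   # bytes of key material the JWK encodes
    literal = len(k.encode("utf-8"))  # bytes if the string itself is used as the key
    return {
        "decoded_bytes": decoded,
        "decoded_bits": decoded * 8,
        "literal_bytes": literal,
        "aes_ok_decoded": decoded in AES_KEY_BYTES,
        "aes_ok_literal": literal in AES_KEY_BYTES,
    }


if __name__ == "__main__":
    # The key from the question, generated with -s 16
    print("6vI ->", key_report("6vI"))
    # Constructed sample keys at other sizes
    for bits in (16, 128, 256):
        jwk = make_oct_jwk(bits)
        print(bits, "bits ->", len(jwk["k"]), "chars,", key_report(jwk["k"]))
```

Running the check on a generated value before putting it in `cas.webflow.crypto.encryption.key` shows a bits-versus-bytes mix-up before the server starts.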