Re: Problems using JCE AES

Daniel Dyer

Jul 6, 2006, 10:27:24 AM
On Thu, 06 Jul 2006 14:06:12 +0100, Pep <p...@nowhere.com> wrote:

> Daniel Dyer wrote:
>> You need to download the unlimited strength cryptography policies from
>> Sun before you can use key lengths greater than 128 bits. This is
>> something to do with US export restrictions.
>
> Hmm, I've been playing with them but have not yet managed to get them to
> work so may have to continue with the default 128 bit key length, which
> should be acceptable as that is the standard key strength with ssl.

You just have to make sure you drop them into the right directory. On my
Windows machine they have to go here:

C:\Program Files\Java\jdk1.5.0_06\jre\lib\security

> However, even though I can get the encryption working I now have a
> problem in that I cannot decrypt the encrypted string as I get the
> following error message
>
> Error Parameters missing
> java.security.InvalidKeyException: Parameters missing
> at com.sun.crypto.provider.SunJCE_h.a(DashoA12275)
> at com.sun.crypto.provider.AESCipher.engineInit(DashoA12275)
> at javax.crypto.Cipher.a(DashoA12275)
> at javax.crypto.Cipher.a(DashoA12275)
> at javax.crypto.Cipher.init(DashoA12275)
> at javax.crypto.Cipher.init(DashoA12275)
> at testaes.Main.<init>(Main.java:62)
> at testaes.Main.main(Main.java:95)
>
> at an additional line of code that is
>
> AesCipher.init(Cipher.DECRYPT_MODE, KeySpec);

If you change your AES configuration to use ECB mode instead of CBC, it
will work. However, this may not be what you want to do because there are
downsides to using this mode instead of CBC.

I think your problem has something to do with your choice of key class,
you need to provide parameters (an initialisation vector I think, but I'm
no expert on this stuff). I've copied this post to
comp.lang.java.security and set follow-ups to there. The people should be
able to give you better advice.

Dan.


--
Daniel Dyer
http://www.dandyer.co.uk

Pep

Jul 7, 2006, 3:33:36 AM
Daniel Dyer wrote:

Thanks Dan, I did not think of posting to java.lang.security so I'll pop
over there :)


Pep

Jul 9, 2006, 11:33:55 AM
Daniel Dyer wrote:

Turns out you were correct. Using AES/CBC/PKCS5Padding mode requires that
you initialize the decryption mode with the same IV that was used when you
encrypted.

However now that I have got the Java application working I find that it does
not work in the same way as the C++ application using the Rijndael
algorithm. Also I cannot seem to get the JCE to use AES/CBC without
PKCS5Padding which is now what I want.

Still I have started that thread in java.lang.security so hopefully I will
get a solution soon.

Thanks,
Pep.
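
The fix described in this thread, as an added example that is not code from either poster: AES/CBC/PKCS5Padding with a random IV carried in front of the ciphertext and passed back in as an `IvParameterSpec` on decryption, followed by the failing `init` call that has no IV. The class name `AesCbcIvDemo`, the random key and the sample plaintext are constructed for illustration.

```java
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AesCbcIvDemo {
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final int IV_LEN = 16; // AES block size in bytes

    // Encrypts under a fresh random IV and returns IV || ciphertext,
    // so the receiver has the IV it needs to initialise decryption.
    static byte[] encrypt(SecretKeySpec key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    // Splits off the leading IV and supplies it to init(); this is the
    // parameter that was missing in the two-argument init() call.
    static byte[] decrypt(SecretKeySpec key, byte[] ivAndCt) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ivAndCt, 0, IV_LEN));
        return cipher.doFinal(ivAndCt, IV_LEN, ivAndCt.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        byte[] rawKey = new byte[16]; // constructed 128-bit key, no policy files needed
        new SecureRandom().nextBytes(rawKey);
        SecretKeySpec key = new SecretKeySpec(rawKey, "AES");

        byte[] message = encrypt(key, "constructed sample text".getBytes("UTF-8"));
        System.out.println(new String(decrypt(key, message), "UTF-8"));

        // Same call shape as the failing line quoted in the thread: CBC, decrypt mode, no IV.
        try {
            Cipher.getInstance(TRANSFORMATION).init(Cipher.DECRYPT_MODE, key);
        } catch (InvalidKeyException e) {
            System.out.println("init without IV failed: " + e.getMessage());
        }
    }
}
```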
