Hey Marco,
I'm not enough of an expert on Java crypto to say how to substitute GCMParameterSpec for another class, and it seems from a cursory examination of the Cipher class and the AlgorithmParameterSpec interface that this isn't possible, but I can recommend that if you need access to functionality that's outside the Standard Runtime security whitelist and you can't use a beta product, Compute Engine is a great place to host the process which needs access to the full JRE.
You could either host your server as a Compute Engine VM cluster behind an
HTTP(S) Load Balancer and
AutoScaler or use App Engine for the front-ends with
Cloud Pub/Sub handling the issue of sending messages, through the Compute Engine instance which can run the crypto code, on to the recipient of the encrypted message.
Let me know if you have any further questions I can do my best to answer.
Cheers,
Nick
Cloud Platform Community Support