InvalidKeyException: Wrong key size - Encryption exception with javax.crypto.spec.DESedeKeySpec

Megha Vishwanath

Aug 12, 2004, 10:36:21 AM
Hi,

We have a problem with a particular Encryption class being run on a
Linux Box
with this java environment-

Linux-J2SDK 1.4.1 installation
java version "1.4.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1-b21)
Java HotSpot(TM) Client VM (build 1.4.1-b21, mixed mode)

This is the Exception being thrown-

java.security.InvalidKeyException: Wrong key size
at javax.crypto.spec.DESedeKeySpec.<init>(DashoA6275)
at javax.crypto.spec.DESedeKeySpec.<init>(DashoA6275)
at com.scm.security.Encryption.getKeyFromFile(Unknown Source)
at com.scm.security.Encryption.getSecKey(Unknown Source)
at com.scm.security.Encryption.getEncryptedData(Unknown Source)

Here's the piece of code where we have hard coded the 24 byte key to a
value common to Encryption and Decryption-

byte [] dk = "IIIÇ|ß*;;;Ů­2?ŮßIzĺ˘ékLş".getBytes();

// Generating/setting the decryption key.
try
{
SecretKeyFactory keyFactory =
SecretKeyFactory.getInstance(algorithm);
DESedeKeySpec dkSpec = new DESedeKeySpec(dk);
secKey = keyFactory.generateSecret(dkSpec);
return secKey;
}
catch(Exception e)
{
System.out.println("Unable to set the secret key.");
e.printStackTrace();
}

What went wrong? We are not able to simulate the problem on jdk1.4.2
for Windows. Could the answer lie with the version mismatch?

-Megha Vishwanath
[vme...@vsnl.com]
[meg...@world2web.com]

Chris

Aug 12, 2004, 6:15:29 PM

Megha Vishwanath wrote:

[snip]
> byte [] dk = "IIIĮ|ß*;;;Ų­2?ŲßIzåĒékLš".getBytes();
[snip]

Hi,
This is a really bad idea. You're storing a binary key in a String.
Some of these characters (at least as they show up in my newsreader)
are extended characters, high in the Unicode character set. There are
certainly twenty-four *characters*, but they probably encode to a lot
more *bytes* than that; this will *almost always* be true when
storing a random binary key. If you're storing a key, you need to use
a byte array at all times. If it's being written to a file, write it
with an OutputStream's write() method, and read it back in later with
an InputStream's read() method. If you're hardcoding it in your
source, write it in this form:

byte[] dk = {0x08, 0x09, 0x0A, 0x0B, ...};

encoding each byte in hexadecimal.

Chris

Michael Amling

Aug 12, 2004, 9:57:38 PM
Megha Vishwanath wrote:
> Hi,
>
> We have a problem with a particular Encryption class being run on a
> Linux Box
> with this java environment-
>
> Linux-J2SDK 1.4.1 installation
> java version "1.4.1"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1-b21)
> Java HotSpot(TM) Client VM (build 1.4.1-b21, mixed mode)
>
> This is the Exception being thrown-
>
> java.security.InvalidKeyException: Wrong key size
> at javax.crypto.spec.DESedeKeySpec.<init>(DashoA6275)
> at javax.crypto.spec.DESedeKeySpec.<init>(DashoA6275)
> at com.scm.security.Encryption.getKeyFromFile(Unknown Source)
> at com.scm.security.Encryption.getSecKey(Unknown Source)
> at com.scm.security.Encryption.getEncryptedData(Unknown Source)

If it's telling you "Wrong key size", you should at least dump out
the size of the key you're giving it.

> Here's the piece of code where we have hard coded the 24 byte key to a
> value common to Encryption and Decryption-
>

> byte [] dk = "IIIĮ|ß*;;;Ų­2?ŲßIzåĒékLš".getBytes();

This looks like sophistry. Note: The bytes that you get depend
strongly on what the default encoding is. I don't know why you would
want to store raw binary data in an object of type String, but if you
insist, then at least use the deprecated but deterministic method
getBytes(int srcBegin, int srcEnd, byte dst[], int dstBegin), which
gives you a result which is independent of the default character encoding.

> // Generating/setting the decryption key.
> try
> {
> SecretKeyFactory keyFactory =
> SecretKeyFactory.getInstance(algorithm);
> DESedeKeySpec dkSpec = new DESedeKeySpec(dk);
> secKey = keyFactory.generateSecret(dkSpec);
> return secKey;
> }
> catch(Exception e)
> {
> System.out.println("Unable to set the secret key.");

System.out.println("from a "+dk.length+"-byte array");

> e.printStackTrace();
> }
>
> What went wrong? We are not able to simulate the problem on jdk1.4.2
> for Windows. Could the answer lie with the version mismatch?

--Mike Amling
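
Added example, not part of the original thread: the effect both replies describe, shown by passing the same 24 key bytes through a String under different charsets and handing the result to DESedeKeySpec. The class name KeyBytesDemo and the key bytes are constructed for illustration (this is not the key from the post), and StandardCharsets assumes Java 7 or later.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;

public class KeyBytesDemo {
    // Constructed sample key (not the key from the thread): 24 raw bytes, several above 0x7F.
    static final byte[] RAW_KEY = {
        0x49, 0x49, 0x49, (byte) 0xC7, 0x7C, (byte) 0xDF, 0x2A, 0x3B,
        0x3B, 0x3B, (byte) 0xD9, 0x32, 0x3F, (byte) 0xD9, (byte) 0xDF, 0x49,
        0x7A, (byte) 0xE5, (byte) 0xC3, (byte) 0xA9, 0x6B, 0x4C, (byte) 0xBA, 0x11
    };

    // Reports what DESedeKeySpec makes of a candidate key array.
    static String check(String label, byte[] candidate) {
        try {
            DESedeKeySpec spec = new DESedeKeySpec(candidate); // rejects arrays shorter than 24 bytes
            boolean same = Arrays.equals(spec.getKey(), RAW_KEY); // getKey() returns the 24 bytes used
            return label + ": " + candidate.length + " bytes, accepted, "
                    + (same ? "same key" : "DIFFERENT key");
        } catch (InvalidKeyException e) {
            return label + ": " + candidate.length + " bytes, rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default charset: " + Charset.defaultCharset());
        System.out.println(check("byte[] literal", RAW_KEY));

        // Key text as an ISO-8859-1 editor would show it: one char per byte.
        String latin1Text = new String(RAW_KEY, StandardCharsets.ISO_8859_1);
        System.out.println(check("Latin-1 text -> ISO-8859-1", latin1Text.getBytes(StandardCharsets.ISO_8859_1)));
        System.out.println(check("Latin-1 text -> UTF-8", latin1Text.getBytes(StandardCharsets.UTF_8)));
        System.out.println(check("Latin-1 text -> US-ASCII", latin1Text.getBytes(StandardCharsets.US_ASCII)));

        // Same bytes read as UTF-8 instead: 0xC3 0xA9 merge into one char, so the text gets shorter.
        String misread = new String(RAW_KEY, StandardCharsets.UTF_8);
        System.out.println(check("misread as UTF-8 -> ISO-8859-1", misread.getBytes(StandardCharsets.ISO_8859_1)));

        // Safe path: the key never passes through a String.
        SecretKey key = SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec(RAW_KEY));
        System.out.println("SecretKey built, algorithm " + key.getAlgorithm());
    }
}
```

DESedeKeySpec only rejects arrays shorter than 24 bytes; a longer array is accepted and its first 24 bytes are used, so a charset mismatch can also yield a different key with no exception at all.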

Megha Vishwanath

Aug 13, 2004, 3:01:27 AM
Thanks Chris. Put the key in a file. It worked.