Removing the 128-bit key restriction in Java
An issue in choosing an encryption key size in Java
is that by default, current versions of the JDK have a deliberate key size restriction
built in. If you try to perform, say, 256-bit AES encryption with the default JDK,
you'll find that it dutifully throws an InvalidKeyException, complaining
with the not-too-explicit message "Illegal key size or default parameters".
If you get this exception, you're probably not doing anything wrong: you've
just hit an arbitrary restriction imposed by (at least Sun's) JDK with default settings.
It turns out that the Cipher class will generally not allow encryption with
a key size of more than 128 bits. The apparent reason behind this is that
some countries (although increasingly fewer) have restrictions on the
permitted key strength of imported encryption software, although the actual number
128 is questionable (see below). The good news is that:
You can easily remove the restriction by overriding
the security policy files with others that Sun provides.
Of course, by "easily", we mean "easy for somebody who doesn't mind downloading a zip,
extracting some files from them and copying them to the right place inside the JRE folder".
For some customers, this could make deployment a little impractical.
At present, the file you need
is called Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6
and is currently available at the Java SE download page. This zip file contains a couple of policy jars, which you need copy over the top of
the ones already in the lib/security directory of your JRE.
How to determine if a client has this restriction
You can use Cipher.getMaxAllowedKeyLength() to return the maximum key length
(in bits) permitted for a given algorithm. For example, to find out the maximum
permitted key size with AES, we can call:
int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
Note that this method generally returns the maximum key length permitted by policy,
not necessarily by that algorithm!
Where did the number 128 come from?
Now I have to confess, not being a politician, lawyer or lobotomised chimpanzee,
I don't fully understand the rationale behind the number 128, for at least two reasons:
- it's difficult to actually find a reference to any country's current import law
that specifically mentions the magic number 128 (see Bert-Jaap Koops'
cryptography law survey);
- in any case, the JDK ships with a 160-bit secure hash algorithm
and a random number generator built on this algorithm.
(Remember, you can create a stream cipher by
XORing your data with a secure random number source; however strong or
weak you argue it is, SecureRandom can
in effect serve as a 160-bit encryption algorithm.)