You don’t want to specify PKCS#7 padding for block cipher use. You want to specify PKCS#5 padding. PKCS#5 is specified for use with block ciphers while PKCS#7 is not (it’s use for different places like in S/MIME). I will point out that PKCS#5 and PKCS#7 actually specify exactly the same type of padding (they are … Read more
So I’m running a similar setup, with an AWS box running openjdk-1.8.0.51. what solved it for me is to add bouncycastle as a provider like so: Add the bcprov-<verion>.jar to /usr/lib/jvm/jre/lib/ext Edit /usr/lib/jvm/jre/lib/security/java.security adding the following line to the list of providers: security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider (I added it as the 6th entry but you can add higher … Read more
In the same spirit as the answer of Dan Cruz, but with a single line of code and without going trough exceptions: boolean limit = Cipher.getMaxAllowedKeyLength(“RC5”)<256; So a complete program might be: import javax.crypto.Cipher; public class TestUCE { public static void main(String args[]) throws Exception { boolean unlimited = Cipher.getMaxAllowedKeyLength(“RC5”) >= 256; System.out.println(“Unlimited cryptography enabled: … Read more
Yes, but not with publicly documented classes. I’ve documented the process in this article. import sun.security.x509.*; import java.security.cert.*; import java.security.*; import java.math.BigInteger; import java.util.Date; import java.io.IOException /** * Create a self-signed X.509 Certificate * @param dn the X.509 Distinguished Name, eg “CN=Test, L=London, C=GB” * @param pair the KeyPair * @param days how many days … Read more
To hash a string, use the built-in MessageDigest class: import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.nio.charset.StandardCharsets; import java.math.BigInteger; public class CryptoHash { public static void main(String[] args) throws NoSuchAlgorithmException { MessageDigest md = MessageDigest.getInstance(“SHA-256”); String text = “Text to hash, cryptographically.”; // Change this to UTF-16 if needed md.update(text.getBytes(StandardCharsets.UTF_8)); byte[] digest = md.digest(); String hex = … Read more
This error means that your Java virtual machine uses a policy that only allows restricted cryptography key sizes due to US export laws. Java 9 and higher The Unlimited Strength Jurisdiction Policy Files are included with Java 9 and used by default (see Security Updates in the Java 9 Migration Guide). If you get this … Read more
There are a couple of commonly quoted solutions to this problem. Unfortunately neither of these are entirely satisfactory: Install the unlimited strength policy files. While this is probably the right solution for your development workstation, it quickly becomes a major hassle (if not a roadblock) to have non-technical users install the files on every computer. … Read more
To explain in common usecase/purpose or layman way: TrustStore : Used to store the certificates of trusted entities. A process can maintain a store of certificates of all the trusted parties which it trusts. keyStore : Used to store the server keys (both public and private) along with the signed certificate. During the SSL handshake, … Read more