Use of EncryptionMethod A192CBC_HS384 and A256CBC_HS512 always leads to an "Illegal key size" Exception

Issue #123 invalid
Lai Xin Chu created an issue

Got the following stack trace when using AESEncrypter with JWEAlgorithm.A128GCMKW and EncryptionMethod.A192CBC_HS384 or EncryptionMethod.A256CBC_HS512 with BouncyCastleProviderSingleton.getInstance() as the provider:

SEVERE: null
com.nimbusds.jose.JOSEException: Illegal key size
    at com.nimbusds.jose.crypto.AESCBC.createAESCBCCipher(AESCBC.java:100)
    at com.nimbusds.jose.crypto.AESCBC.encrypt(AESCBC.java:127)
    at com.nimbusds.jose.crypto.AESCBC.encryptAuthenticated(AESCBC.java:193)
    at com.nimbusds.jose.crypto.AESEncrypter.encrypt(AESEncrypter.java:212)
    at com.nimbusds.jose.JWEObject.encrypt(JWEObject.java:376)
        ... 
Caused by: java.security.InvalidKeyException: Illegal key size
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1024)
    at javax.crypto.Cipher.init(Cipher.java:1345)
    at javax.crypto.Cipher.init(Cipher.java:1282)
    at com.nimbusds.jose.crypto.AESCBC.createAESCBCCipher(AESCBC.java:91)
    ... 39 more

The problematic source code that triggers this exception is as follows:

JWEAlgorithm encryptionAlg = JWEAlgorithm.A128GCMKW;
EncryptionMethod encryptionMethod = EncryptionMethod.A192CBC_HS384;
JWT jwt = new EncryptedJWT(new JWEHeader(encryptionAlg, encryptionMethod), claimsSet);
AESEncrypter encrypter = new AESEncrypter(key);
encrypter.setProvider(BouncyCastleProviderSingleton.getInstance());
((EncryptedJWT) jwt).encrypt(encrypter); // Exception is thrown on this line
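
Added example, not part of the original report or of the Nimbus JOSE+JWT code: the trace above fails in `javax.crypto.Cipher.checkCryptoPerm`, the JCE jurisdiction-policy check, which the JDK applies to every JCE provider, including BouncyCastle. This stand-alone diagnostic uses only JDK classes to report the JVM's AES key-length limit and which AES/CBC+HMAC methods it permits; the class name `AesPolicyCheck` and the helper `permitted` are hypothetical.

```java
import javax.crypto.Cipher;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;

public class AesPolicyCheck {

    // AES key length in bits used by each AES/CBC + HMAC content encryption
    // method (half of the CEK goes to HMAC, the other half to AES).
    static final Map<String, Integer> AES_KEY_BITS = new LinkedHashMap<>();
    static {
        AES_KEY_BITS.put("A128CBC-HS256", 128);
        AES_KEY_BITS.put("A192CBC-HS384", 192);
        AES_KEY_BITS.put("A256CBC-HS512", 256);
    }

    /** True if the JVM's crypto policy allows an AES key of the given size. */
    static boolean permitted(int aesKeyBits, int maxAllowedBits) {
        return aesKeyBits <= maxAllowedBits;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Integer.MAX_VALUE means the unlimited-strength policy is active;
        // 128 is what a restricted policy reports for AES.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("max allowed AES key bits = "
                + (max == Integer.MAX_VALUE ? "unlimited" : String.valueOf(max)));

        for (Map.Entry<String, Integer> e : AES_KEY_BITS.entrySet()) {
            String verdict = permitted(e.getValue(), max)
                    ? "ok"
                    : "blocked: Cipher.init throws InvalidKeyException (Illegal key size)";
            System.out.printf("%-14s AES-%d  %s%n", e.getKey(), e.getValue(), verdict);
        }
    }
}
```

If the limit prints as 128, the JVM is running with the restricted policy: install the unlimited-strength jurisdiction policy files for that JRE, or on Java 8u151 and later set the `crypto.policy` security property to `unlimited`.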
