java.security.NoSuchAlgorithmException:Cannot find any provider supporting AES/ECB/PKCS7PADDING

You don’t want to specify PKCS#7 padding for block cipher use. You want to specify PKCS#5 padding. PKCS#5 is specified for use with block ciphers while PKCS#7 is not (it’s used for different places like in S/MIME). I will point out that PKCS#5 and PKCS#7 actually specify exactly the same type of padding (they are …

Creating an X509 Certificate in Java without BouncyCastle?

Yes, but not with publicly documented classes. I’ve documented the process in this article. import sun.security.x509.*; import java.security.cert.*; import java.security.*; import java.math.BigInteger; import java.util.Date; import java.io.IOException; /** * Create a self-signed X.509 Certificate * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB" * @param pair the KeyPair * @param days how many days …

How to create a secure random AES key in Java?

I would use your suggested code, but with a slight simplification: KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); // for example SecretKey secretKey = keyGen.generateKey(); Let the provider select how it plans to obtain randomness – don’t define something that may not be as good as what the provider has already selected. This code example assumes (as …

ECDHE cipher suites not supported on OpenJDK 8 installed on EC2 Linux machine

So I’m running a similar setup, with an AWS box running openjdk-1.8.0.51. What solved it for me is to add bouncycastle as a provider like so: Add the bcprov-<version>.jar to /usr/lib/jvm/jre/lib/ext Edit /usr/lib/jvm/jre/lib/security/java.security adding the following line to the list of providers: security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider (I added it as the 6th entry but you can add higher …

Checking if Unlimited Cryptography is available

In the same spirit as the answer of Dan Cruz, but with a single line of code and without going through exceptions: boolean limit = Cipher.getMaxAllowedKeyLength("RC5") < 256; So a complete program might be: import javax.crypto.Cipher; public class TestUCE { public static void main(String args[]) throws Exception { boolean unlimited = Cipher.getMaxAllowedKeyLength("RC5") >= 256; System.out.println("Unlimited cryptography enabled: …

Hash String via SHA-256 in Java

To hash a string, use the built-in MessageDigest class: import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.nio.charset.StandardCharsets; import java.math.BigInteger; public class CryptoHash { public static void main(String[] args) throws NoSuchAlgorithmException { MessageDigest md = MessageDigest.getInstance("SHA-256"); String text = "Text to hash, cryptographically."; // Change this to UTF-16 if needed md.update(text.getBytes(StandardCharsets.UTF_8)); byte[] digest = md.digest(); String hex = …

Trust Store vs Key Store – creating with keytool

The terminology is a bit confusing indeed, but both javax.net.ssl.keyStore and javax.net.ssl.trustStore are used to specify which keystores to use, for two different purposes. Keystores come in various formats and are not even necessarily files (see this question), and keytool is just a tool to perform various operations on them (import/export/list/…). The javax.net.ssl.keyStore and javax.net.ssl.trustStore …

InvalidKeyException Illegal key size

This error means that your Java virtual machine uses a policy that only allows restricted cryptography key sizes due to US export laws. Java 9 and higher: The Unlimited Strength Jurisdiction Policy Files are included with Java 9 and used by default (see Security Updates in the Java 9 Migration Guide). If you get this …

How to avoid installing “Unlimited Strength” JCE policy files when deploying an application?

There are a couple of commonly quoted solutions to this problem. Unfortunately neither of these is entirely satisfactory: Install the unlimited strength policy files. While this is probably the right solution for your development workstation, it quickly becomes a major hassle (if not a roadblock) to have non-technical users install the files on every computer. …