Reputation: 9935
Openssl -aes-256-cbc in java with only provided key
when I decrypt the file by using command line tool openssl, it is OK by the following commend.
I don't any information about the encryption, client only provide the following command and key.
openssl enc -d -aes-256-cbc -in 8MP_2018_12_12.gz.enc -out 8MP_2018_12_12.gz.enc.gz -pass file:pass.txt
I already check a lot question in stackoverflow , test and run for a lot of program. As I have only provided key, I cannot use ivparameterspec.
In pass.txt, there is a provided key
xxxxxxx12354125222sdsf <- example
My Program
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import org.apache.commons.io.IOUtils;
import org.apache.commons.ssl.OpenSSL;
public class OpenSSLTest {
public static void main(String[] args) throws Exception {
File inputFile = new File("D:\\temp\\8MP_2018_12_12.gz.enc");
File outputFile = new File("D:\\temp\\8MP_2018_12_12.gz");
FileInputStream inputStream = new FileInputStream(inputFile);
InputStream in = OpenSSL.decrypt("aes-256-cbc", "xxxxxxx12354125222sdsf".toCharArray(), inputStream);
FileOutputStream outputStream = new FileOutputStream(outputFile);
IOUtils.copy(in, outputStream);
outputStream.flush();
outputStream.close();
in.close();
}
}
When I run above program, I get the following message
Exception in thread "main" java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
at javax.crypto.Cipher.implInit(Cipher.java:805)
at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
at javax.crypto.Cipher.init(Cipher.java:1396)
at javax.crypto.Cipher.init(Cipher.java:1327)
at org.apache.commons.ssl.PKCS8Key.generateCipher(PKCS8Key.java:420)
at org.apache.commons.ssl.OpenSSL.decrypt(OpenSSL.java:165)
at OpenSSLTest.main(OpenSSLTest.java:15)
I already try to fixed that issue according to Java Security: Illegal key size or default parameters?
I already download jce_policy-8.zip. I already put local_policy.jar and US_export_policy.jar into my ....\jre1.8.0_66\lib\security directory.
I still get above error message. My JDK version is jdk1.8.0_66.
Upvotes: 2
Views: 603
Answers (1)
Reputation: 14194
The "key" string you're getting from pass.txt is 22 characters. When OpenSSL uses a "password" to derive a key, it uses the EVP_BytesToKey algorithm to determine the actual (AES, in this case) key to use. That key must be 16, 24, or 32 bytes (128, 192, or 256 bits respectively).
I don't know how the library you're using derives the key from the provided password, but it doesn't seem to be doing that correctly, or if it is, 256 bit keys are not enabled in this JVM instance. One thing to check is that unless you renamed the jre directory, the directory path should actually look like jdk_1.8.0_66\jre\lib\security. You can use this code snippet to test the key lengths available to you:
if (Cipher.getMaxAllowedKeyLength("AES") > 128) {
System.out.println("All key lengths supported");
} else {
System.out.println("Only 128 bit keys supported");
}
Upvotes: 1
Related Questions
- AES - simple encrypt in Java, decrypt with openssl
- AES-256-CBC encrypt with key / IV in java and decrypt in OpenSSL
- Java equivalent of an OpenSSL AES CBC encryption
- Decrypt file encrypted using openssl with aes-cbc-256
- Java Encryption with OpenSSL key
- Using Java to decrypt openssl aes-256-cbc using provided key and iv
- AES-256 CBC Encryption/Decryption string using OpenSSL in Android
- how to use OpenSSL to decrypt Java AES-encrypted data?
- Encryption not working with key generated from openssl for AES-256
- Using openssl encryption with Java