Saturday, July 6, 2013

Illegal key size error

Problem: The application is not working and throws the error "java.security.InvalidKeyException: Illegal key size or default parameters at javax.crypto.Cipher ....." in SystemOut.log.

Resolution:

This exception is thrown when you use a key whose size is not permitted by the default policy. To resolve the error, you must obtain the unrestricted strength cryptography policy files and install them.
The keys in question are the encryption or decryption keys used in the Java code.
You can migrate the unrestricted jurisdiction policy files, local_policy.jar and US_export_policy.jar.

About this task
If you want to use encryption keys that are larger than 128 bits, you must use the unrestricted jurisdiction policy files, local_policy.jar and US_export_policy.jar.
The files are located in the [WAS_HOME/java/jre/lib/security] directory.

If your back-level version of WebSphere® Application Server is using the unrestricted jurisdiction policy files, you must perform special steps to migrate these files to your new version of WebSphere Application Server. If you are not using the unrestricted jurisdiction policy files, you do not need to take any action.


Procedure
1. Before migrating, copy the modified local_policy.jar file to a temporary location.
2. Migrate the WebSphere Application Server installation.
3. Copy the modified local_policy.jar file from step 1 to the following directory on the new WebSphere Application Server installation: WAS_HOME/java/jre/lib/security.
4. Start the new WebSphere Application Server installation as normal.

Depending on your choice of cipher strength (128, 192 or 256) for AES, you may need to add the unrestricted policy jar files to either $JAVA_HOME/jre/lib/security or $JAVA_HOME/lib/security. AES 128 does NOT require use of the policy files. These files are named: local_policy.jar and US_export_policy.jar.

The above steps also apply to a BPM or Process Server upgrade.
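
To confirm which policy a given JRE is actually enforcing before and after copying the jars, the following diagnostic can be run with the same Java runtime the server uses. It is an added example, not code from the original post; the class name KeySizeCheck and the all-zero test key are constructed for illustration.

```java
import java.io.File;
import java.security.InvalidKeyException;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (hypothetical class name): run it with the JRE the
// application server uses, for example the java binary under WAS_HOME/java/jre/bin.
public class KeySizeCheck {

    // Returns true if the active jurisdiction policy lets AES be initialised
    // with a key of the given size in bits.
    static boolean aesKeyAllowed(int bits) throws Exception {
        byte[] raw = new byte[bits / 8]; // constructed all-zero test key, never use for real data
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(raw, "AES"));
            return true;
        } catch (InvalidKeyException e) {
            // Same exception as in SystemOut.log: "Illegal key size or default parameters"
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // 128 under the default restricted policy, Integer.MAX_VALUE when unrestricted.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("Max allowed AES key length = "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));

        for (int bits : new int[] {128, 192, 256}) {
            System.out.println("AES-" + bits + ": "
                    + (aesKeyAllowed(bits) ? "allowed" : "blocked by policy"));
        }

        // Check for the two policy jars named above under <java.home>/lib/security.
        File dir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        for (String name : new String[] {"local_policy.jar", "US_export_policy.jar"}) {
            File f = new File(dir, name);
            System.out.println(f + (f.isFile()
                    ? " present, last modified " + new Date(f.lastModified())
                    : " not found"));
        }
    }
}
```

If AES-192 and AES-256 still report "blocked by policy" after the copy, the jars were placed under a different JRE than the one printed as java.home, or the server has not been restarted.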