There are many types of padding, PKCS-7, Zero, ISO 10126, ANSI X.923, etc. I suggest you read up on padding since you seem not to fully understand the concept. Then there’s the possibility you are referring to cryptographic salt. Edit Every implementation of the Java platform is required to support the following standard Cipher transformations … Read more
As it turns out, it’s not strict crypto export laws, but simply that no one got around to it yet. In fact, it’s been planned for a long time to not have to jump through these hoops. In Java 9, the ceremony will be condensed down to a one-liner: Security.setProperty(“crypto.policy”, “unlimited”);
You don’t want to specify PKCS#7 padding for block cipher use. You want to specify PKCS#5 padding. PKCS#5 is specified for use with block ciphers while PKCS#7 is not (it’s use for different places like in S/MIME). I will point out that PKCS#5 and PKCS#7 actually specify exactly the same type of padding (they are … Read more
I’ve installed the Oracle JDK, and if it helps, the directory in my case was /Library/Java/JavaVirtualMachines/jdk1.7.0_09.jdk/Contents/Home/jre/lib/security/. Your mileage may vary, in which case just run find . -name local_policy.jar and see what it turns up.
In short, the reason for the difference is that PBKDF2 algorithm in modes #1 and #2 uses PKCS #5 v2 scheme 2 (PKCS5S2) for iterative key generation, but the BouncyCastle provider for “PBEWITHHMACSHA1” in mode #3 uses the PKCS #12 v1 (PKCS12) algorithm instead. These are completely different key-generation algorithms, so you get different results. … Read more
If you have a byte[] representing the output of getEncoded() on a key, you can use KeyFactory to turn that back into a PublicKey object or a PrivateKey object. byte[] privateKeyBytes; byte[] publicKeyBytes; KeyFactory kf = KeyFactory.getInstance(“RSA”); // or “EC” or whatever PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(privateKeyBytes)); PublicKey publicKey = kf.generatePublic(new X509EncodedKeySpec(publicKeyBytes));
I found that it can be tested with the following code snippet: int maxKeyLen = Cipher.getMaxAllowedKeyLength(“AES”); System.out.println(maxKeyLen); Without the unlimited strength policy files this results in 128, after they have been installed properly the result is 2147483647.
Yes, but not with publicly documented classes. I’ve documented the process in this article. import sun.security.x509.*; import java.security.cert.*; import java.security.*; import java.math.BigInteger; import java.util.Date; import java.io.IOException /** * Create a self-signed X.509 Certificate * @param dn the X.509 Distinguished Name, eg “CN=Test, L=London, C=GB” * @param pair the KeyPair * @param days how many days … Read more
In the same spirit as the answer of Dan Cruz, but with a single line of code and without going trough exceptions: boolean limit = Cipher.getMaxAllowedKeyLength(“RC5”)<256; So a complete program might be: import javax.crypto.Cipher; public class TestUCE { public static void main(String args[]) throws Exception { boolean unlimited = Cipher.getMaxAllowedKeyLength(“RC5”) >= 256; System.out.println(“Unlimited cryptography enabled: … Read more
I would use your suggested code, but with a slight simplification: KeyGenerator keyGen = KeyGenerator.getInstance(“AES”); keyGen.init(256); // for example SecretKey secretKey = keyGen.generateKey(); Let the provider select how it plans to obtain randomness – don’t define something that may not be as good as what the provider has already selected. This code example assumes (as … Read more