
  • Unable to initialize due to invalid secret key

    Hi,
    I am using Spring Social and I am trying to use Encryptors.queryableText() to encrypt the accessTokens and secret keys. However, the error "java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key" comes up, along with

    Code:
    Caused by: java.security.InvalidKeyException: Illegal key size
    	at javax.crypto.Cipher.a(DashoA13*..)
    	at javax.crypto.Cipher.a(DashoA13*..)
    	at javax.crypto.Cipher.a(DashoA13*..)
    	at javax.crypto.Cipher.init(DashoA13*..)
    	at javax.crypto.Cipher.init(DashoA13*..)
    	at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:105)
    	... 93 more
    After some investigation I found that the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 needs to be added in order to avoid the issue. I am not sure how to go about this. Any help is much appreciated.

    3.1.0.RC2.crypto is the crypto version I am using.

    Thanks in advance.

  • #2
    Originally posted by zindi:

    After some investigation I found that the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 5.0 needs to be added in order to avoid the issue. I am not sure how to go about this. Any help is much appreciated.
    Just download the files from the Java downloads site and copy them to your JDK. You will find detailed instructions elsewhere if you search.



    • #3
      Thanks Luke, had to just replace the files and it's working.



      • #4
        It's my understanding that this error occurs because Spring is trying to use AES-256 encryption, which isn't shipped by default in the JRE:

        The "standard" encryption method is 256-bit AES using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2).
        http://static.springsource.org/sprin...ce/crypto.html

        My question is: can the encryption method be changed to something that *is* shipped with the JRE? We don't really need "unlimited strength" encryption in our application, and it would be a lot easier to update the configuration than install the necessary JARs on all of the servers and developer workstations. The crypto module reference above seems to suggest that perhaps a "non-standard" encryption method is available, but I don't see any documentation regarding changing it.

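A way to confirm which JRE installs are affected by the "Illegal key size" failure discussed in this thread, as an added example that is not part of the original posts or of Spring's code. The class name `JcePolicyCheck`, the sample password, the salt and the iteration count are constructed for illustration; the check reproduces the same failure point as the stack trace (`Cipher.init` after a PBKDF2 key derivation).

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;

public class JcePolicyCheck {

    // Derive an AES key of the requested size with PBKDF2, then try to
    // initialise a cipher with it. Key derivation itself is not restricted
    // by the jurisdiction policy; Cipher.init is where the limit is enforced.
    static boolean canUseAes(int keyBits) throws Exception {
        // Constructed sample password and salt, used only for this check.
        char[] password = "example-password".toCharArray();
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8};
        PBEKeySpec spec = new PBEKeySpec(password, salt, 1024, keyBits);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(spec).getEncoded();
        SecretKey key = new SecretKeySpec(raw, "AES");
        try {
            Cipher.getInstance("AES/CBC/PKCS5Padding").init(Cipher.ENCRYPT_MODE, key);
            return true;
        } catch (InvalidKeyException e) {
            // "Illegal key size": the installed policy files cap the key length.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        int max = Cipher.getMaxAllowedKeyLength("AES");
        // The policy files are per JRE install, so report which one is running.
        System.out.println("java.version          = " + System.getProperty("java.version"));
        System.out.println("java.home             = " + System.getProperty("java.home"));
        System.out.println("max allowed AES bits  = "
                + (max == Integer.MAX_VALUE ? "unlimited" : String.valueOf(max)));
        System.out.println("AES-128 init succeeds = " + canUseAes(128));
        System.out.println("AES-256 init succeeds = " + canUseAes(256));
        if (max < 256) {
            System.out.println("Limited policy files in use: AES-256 fails with 'Illegal key size'.");
            System.exit(1); // non-zero exit so a deployment check can fail fast
        }
    }
}
```

Run it with the same `java` binary the application server uses; a different JDK on the PATH can have different policy files and give a misleading result.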