[java] java.security.InvalidKeyException: Illegal key size ▶ AES256암호화/복호화 시 오류 해결 방법

[java] java.security.InvalidKeyException: Illegal key size

암호화 사용시 다음과 같은 에러가 발생하는 경우가 있죠.
이럴 경우 해당

 InvalidKeyException
Input Message. custInfoVOStr Encrypt : {"isSuccessDecrypt":"N"}
java.security.InvalidKeyException: Illegal key size
         at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1024)
         at javax.crypto.Cipher.implInit(Cipher.java:790)
         at javax.crypto.Cipher.chooseProvider(Cipher.java:849)
         at javax.crypto.Cipher.init(Cipher.java:1348)
         at javax.crypto.Cipher.init(Cipher.java:1282)

 

JDK 6 Policy Files
https://www.oracle.com/java/technologies/jce-6-download.html

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6

 

JDK 7 Policy Files
https://www.oracle.com/java/technologies/javase-jce7-downloads.html

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download

 

JDK 8 u151 이하 Policy Files
https://www.oracle.com/java/technologies/javase-jce8-downloads.html

JCE Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8 Download

 

 

 

 

 

http://www.oracle.com/technetwork/java/javase/downloads/index.html

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8
You must accept the Oracle Binary Code License Agreement for the Java SE Platform Products to download this software. <form name="agreementFormjce-8-oth-JPR" class="lic_form" action="radio" method="post"><input name="agreementjce-8-oth-JPR" type="radio" value="on" />  Accept License Agreement    <input name="agreementjce-8-oth-JPR" type="radio" value="on" />   Decline License Agreement</form> Thank you for accepting the Oracle Binary Code License Agreement for the Java SE Platform Products; you may now download this software.
Product / File Description	File Size	Download
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8	0.01 MB	jce_policy-8.zip

 

위에서 jce_policy-8.zip 파일을 다운로드 한 후 압축을 풀게 되면 ReadMe.txt 파일이 있는데요.

해당 파일의 내용을 읽어보면 어떻게 해야하는지에 대해서 아주 자세히 나와 있습니다.

 

요는...

US_export_policy.jar and local_policy.jar
위의 두개 파일을 <java-home>/lib/security 
폴더에 위치시키면 됩니다.

  Unlimited Strength Java(TM) Cryptography Extension Policy Files
  for the Java(TM) Platform, Standard Edition Runtime Environment 8

 

README.txt

아래는 패키지에 포함된 README.txt 파일의 내용입니다.

                               README

----------------------------------------------------------------------
CONTENTS
----------------------------------------------------------------------

     o Introduction
     o License and Terms
     o Understanding The Export/Import Issues
     o Where To Find Documentation
     o Installation
     o Questions, Support, Reporting Bugs

----------------------------------------------------------------------
Introduction
----------------------------------------------------------------------

Thank you for downloading the Unlimited Strength Java(TM) Cryptography
Extension (JCE) Policy Files for the Java(TM) Platform, Standard
Edition (Java SE) Runtime Environment 8.

Due to import control restrictions of some countries, the version of
the JCE policy files that are bundled in the Java Runtime Environment,
or JRE(TM), 8 environment allow "strong" but limited cryptography to be
used. This download bundle (the one including this README file)
provides "unlimited strength" policy files which contain no
restrictions on cryptographic strengths.

Please note that this download file does NOT contain any encryption
functionality as all such functionality is contained within Oracle's
JRE 8. This bundles assumes that the JRE 8 has already been installed.

----------------------------------------------------------------------
License and Terms
----------------------------------------------------------------------

This download bundle is part of the Java SE Platform products and is
governed by same License and Terms notices. These notices can be found
on the Java SE download site:

    http://www.oracle.com/technetwork/java/javase/documentation/index.html

----------------------------------------------------------------------
Understanding The Export/Import Issues
----------------------------------------------------------------------

JCE for Java SE 8 has been through the U.S. export review process.  The
JCE framework, along with the various JCE providers that come standard
with it (SunJCE, SunEC, SunPKCS11, SunMSCAPI, etc), is exportable.

The JCE architecture allows flexible cryptographic strength to be
configured via jurisdiction policy files. Due to the import
restrictions of some countries, the jurisdiction policy files
distributed with the Java SE 8 software have built-in restrictions on
available cryptographic strength. The jurisdiction policy files in this
download bundle (the bundle including this README file) contain no
restrictions on cryptographic strengths.  This is appropriate for most
countries. Framework vendors can create download bundles that include
jurisdiction policy files that specify cryptographic restrictions
appropriate for countries whose governments mandate restrictions. Users
in those countries can download an appropriate bundle, and the JCE
framework will enforce the specified restrictions.

You are advised to consult your export/import control counsel or
attorney to determine the exact requirements.

----------------------------------------------------------------------
Where To Find Documentation
----------------------------------------------------------------------

The following documents may be of interest to you:

    o  The Java(TM) Cryptography Architecture (JCA) Reference Guide at:

       http://docs.oracle.com/javase/8/docs/technotes/guides/security

    o  The Java SE Security web site has more information about JCE,
       plus additional information about the Java SE Security Model.
       Please see:

       http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html

----------------------------------------------------------------------
Installation
----------------------------------------------------------------------

Notes:

  o Unix (Solaris/Linux/Mac OS X) and Windows use different pathname
    separators, so please use the appropriate one ("\", "/") for your
    environment.

  o <java-home> (below) refers to the directory where the JRE was
    installed. It is determined based on whether you are running JCE
    on a JRE or a JRE contained within the Java Development Kit, or
    JDK(TM). The JDK contains the JRE, but at a different level in the
    file hierarchy. For example, if the JDK is installed in
    /home/user1/jdk1.8.0 on Unix or in C:\jdk1.8.0 on Windows, then
    <java-home> is:

        /home/user1/jdk1.8.0/jre           [Unix]
        C:\jdk1.8.0\jre                    [Windows]

    If on the other hand the JRE is installed in /home/user1/jre1.8.0
    on Unix or in C:\jre1.8.0 on Windows, and the JDK is not
    installed, then <java-home> is:

        /home/user1/jre1.8.0               [Unix]
        C:\jre1.8.0                        [Windows]

  o On Windows, for each JDK installation, there may be additional
    JREs installed under the "Program Files" directory. Please make
    sure that you install the unlimited strength policy JAR files
    for all JREs that you plan to use.

Here are the installation instructions:

1)  Download the unlimited strength JCE policy files.

2)  Uncompress and extract the downloaded file.

    This will create a subdirectory called jce.
    This directory contains the following files:

        README.txt                   This file
        local_policy.jar             Unlimited strength local policy file
        US_export_policy.jar         Unlimited strength US export policy file

3)  Install the unlimited strength policy JAR files.

    In case you later decide to revert to the original "strong" but
    limited policy versions, first make a copy of the original JCE
    policy files (US_export_policy.jar and local_policy.jar). Then
    replace the strong policy files with the unlimited strength
    versions extracted in the previous step.

    The standard place for JCE jurisdiction policy JAR files is:

        <java-home>/lib/security           [Unix]
        <java-home>\lib\security           [Windows]

-----------------------------------------------------------------------
Questions, Support, Reporting Bugs
-----------------------------------------------------------------------

Questions
---------

For miscellaneous questions about JCE usage and deployment, we
encourage you to read:

    o Information on the Java SE Security web site

      http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html

    o The Oracle Online Community Forums, specifically the Java
      Cryptography forum. The forums allow you to tap into the
      experience of other users, ask questions, or offer tips to others
      on a variety of Java-related topics, including JCE. There is no
      fee to participate.

      http://forums.oracle.com/
      http://forums.oracle.com/forums/forum.jspa?forumID=964  (JCE
      forum)

Support
-------

For more extensive JCE questions or deployment issues, please contact
our Technical Support staff at:

    http://support.oracle.com

Reporting Bugs
--------------

To report bugs (with sample code) or request a feature, please see:

    http://bugs.sun.com/
    http://bugreport.sun.com/bugreport/

Bug reports with specific, reproducible test cases are greatly
appreciated!