Why Does My Java Code Throw an `InvalidKeyException: Illegal Key Size` on My TeamCity Server but Not My MacBook Pro?

InvalidKeyException: Illegal Key Size

Question:

While running a test on a continuous integration TeamCity server, an error occurred: "java.security.InvalidKeyException: Illegal key size." This error did not occur when running the test on a MacBook Pro. Both environments use Java 1.6 and the BouncyCastle library.

Answer:

The error is due to restrictions on cryptography key sizes imposed by the Java virtual machine's policy, which complies with US export laws.

Solution:

Java 9 and Higher:

• The Unlimited Strength Jurisdiction Policy Files are included with Java 9 and higher by default.
• If the error persists, check the java.security file and ensure that "crypto.policy=unlimited" is uncommented or included.

Java 8 Update 161 and Higher:

• The Unlimited Strength Jurisdiction Policy is enabled by default.
• If the error occurs, check the java.security file for any changes to the policy configuration.

Java 8 Update 151 and Higher:

• The Unlimited Strength Jurisdiction Policy is included but not used by default.
• To enable it, uncomment "crypto.policy=unlimited" in the java.security file.
• Restart the JVM for the changes to take effect.

Java 8 Update 144 and Earlier:

• Install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle.
• Uncompress the downloaded file and copy the "local_policy.jar" and "US_export_policy.jar" files to the appropriate security directory (e.g., /lib/security).
• Restart the JVM to apply the new policy.

BouncyCastle Solution:

• Switch to using the BouncyCastle classes directly, instead of the BC provider. This method circumvents the key size limitations.

The above is the detailed content of Why Does My Java Code Throw an `InvalidKeyException: Illegal Key Size` on My TeamCity Server but Not My MacBook Pro?. For more information, please follow other related articles on the PHP Chinese website!