JDK-4953552

SecurityException for javax.crypto.Cipher.init(int, Key) for algorithm PBEWITHMD


    • Type: Bug
    • Resolution: Fixed
    • Priority: P3
    • 5.0
    • 5.0
    • security-libs
    • b31
    • sparc
    • solaris_2.6
    • Verified



      Name: iiR10263 Date: 11/13/2003



      The specification describes the following exceptions that are thrown
      by javax.crypto.Cipher.init(int, Key):

      Throws:
      InvalidKeyException - if the given key is inappropriate for
      initializing this cipher, or if this cipher is being initialized for
      decryption and requires algorithm parameters that cannot be determined
      from the given key, or if the given key has a keysize that exceeds the
      maximum allowable keysize (as determined from the configured
      jurisdiction policy files).

      The above means that if a Key argument is inappropriate for some
      reason (for example key is invalid or contradicts system policy)
      InvalidKeyException should be thrown.

      Unfortunately, the current implementation throws SecurityException when
      init(Cipher.ENCRYPT_MODE, (Key)...)
      is called for Cipher objects of the PBEWITHMD5ANDTRIPLEDES algorithm.

      Please find the code example that reproduces the situation and the exception
      stack trace below:

      import java.io.PrintWriter;
      import java.security.InvalidKeyException;
      import java.security.Key;
      import java.security.spec.KeySpec;
      import javax.crypto.Cipher;
      import javax.crypto.SecretKeyFactory;
      import javax.crypto.spec.PBEKeySpec;

      public class e2 {
       
          public static void main(String argv[]) {
              Key k;
              Cipher c;

              //String alg = "PBEWITHSHA1ANDDESEDE";
              String alg = "PBEWITHMD5ANDTRIPLEDES";

              byte[] salt = {
                  (byte)0xc7, (byte)0x73, (byte)0x21, (byte)0x8c,
                  (byte)0x7e, (byte)0xc8, (byte)0xee, (byte)0x99
              };
              int count = 20;
              String s = "My wonderfull password that is long enough. Tra-la-la, let me sing a song";
              
              try {
                  int kl = Cipher.getMaxAllowedKeyLength(alg) / 8;
                  String p = (kl >= s.length()) ? s: s.substring(0, kl);
                  KeySpec ks = new PBEKeySpec(p.toCharArray(), salt, count, kl * 8);
              
                  SecretKeyFactory skf =
                      SecretKeyFactory.getInstance(alg);
           
                  // PBE algorithm is symmetric.
                  k = skf.generateSecret(ks);

                  c = Cipher.getInstance(alg);
                  
                  c.init(Cipher.ENCRYPT_MODE, k);
                  
                  System.out.println("passed");
              } catch (Exception e) {
                  e.printStackTrace(System.out);
              }


              return;
          }
      }

      java.lang.SecurityException: Unsupported keysize or algorithm parameters
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.init(DashoA6275)
              at javax.crypto.Cipher.init(DashoA6275)
              at e2.main(e2.java:32)


      Note that if we change the algorithm to another password-based one
      (PBEWITHSHA1ANDDESEDE), everything works correctly ("passed" appears).

      java full version "1.5.0-beta-b26"

      ======================================================================
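An added example, not part of the original report or of the JDK sources: it generalizes the reproducer above to every PBE cipher registered by the installed providers and flags any runtime exception from init(int, Key), such as the SecurityException reported here, as a violation of the documented contract. The class name PbeInitContractCheck and the sample password are constructed for illustration, and a JDK 7 or later compiler is assumed.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical class name; added example, not JDK or reporter code.
public class PbeInitContractCheck {

    // Constructed sample input, not a real secret.
    static final char[] PASSWORD = "constructed-sample-password".toCharArray();

    /** Classifies what Cipher.init(int, Key) does for one PBE algorithm. */
    static String classify(String alg) {
        try {
            SecretKey key = SecretKeyFactory.getInstance(alg)
                    .generateSecret(new PBEKeySpec(PASSWORD));
            Cipher.getInstance(alg).init(Cipher.ENCRYPT_MODE, key);
            return "OK";
        } catch (InvalidKeyException e) {
            // The only key-related failure the specification documents.
            return "InvalidKeyException (documented): " + e.getMessage();
        } catch (GeneralSecurityException e) {
            // No matching key factory, padding, etc.: nothing to conclude.
            return "SKIPPED (" + e.getClass().getSimpleName() + ")";
        } catch (RuntimeException e) {
            // SecurityException lands here: the behaviour reported above.
            return "CONTRACT VIOLATION: " + e;
        }
    }

    public static void main(String[] args) {
        Set<String> algs = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if (s.getType().equals("Cipher")
                        && s.getAlgorithm().regionMatches(true, 0, "PBE", 0, 3)) {
                    algs.add(s.getAlgorithm());
                }
            }
        }
        for (String alg : algs) {
            System.out.println(alg + " -> " + classify(alg));
        }
    }
}
```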

            valeriep Valerie Peng
            duke J. Duke