Solve Illegal key size or default parameters

Solve Illegal key size or default parameters

When first time I was working on AES 256 bit encyrption, I faced above exception. I tried everything and was frustrated what is the main cause. Then I reasearhed little bit on this, and found this has to do with "Java Cryptography Extension (JCE) Unlimited Strength Policy Files".

So, What is JCE Unlimited Strength Policy?

So when you install JDK / JRE on your machine a normal version of JCE policy jars is included which doesn't support higher bit (256 in my case) encryption / decryption. The reason behind this is, US has restrictions on the export of cryptographic technology:

They used to be very strict -- cryptography was classified as munitions, and you can only download the full strength products from the US and other white-listed countries.

Restrictions have eased up a lot since then, but some remain.

So how can you solve this?

  1. If you are on Java 7 and / or old version then you should manually download the JCE policy jars, and extract the jar files from the zip and save them in ${java.home}/jre/lib/security/.
       Download links:

Uff...😞.lots of work....!

Now here is good news. If you are using Java 8u151 or later you already have JCE jars in your JRE/lib/security/.

So if you look at your folder structure its now as below:


so the above folder already have respective strength JCE policy jars. So crypto.policy is the property which controls the JCE jurisdiction strength. By default the property is undefined. So if dont have JCE policy jars in your ${java.home}/jre/lib/security/ , limited strength is enabled. To enable unlimited cryptography, one can use the new crypto.policy Security property. . 

So just open the file and search for property "crypto.policy".

and just uncomment the below line:


Now you can use unlimited length encryption / decryption.