United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-4807942 No way to dynamically determine the maximum allowable key length
JDK-4807942 : No way to dynamically determine the maximum allowable key length

Details
Type:
Enhancement
Submit Date:
2003-01-24
Status:
Resolved
Updated Date:
2003-08-17
Project Name:
JDK
Resolved Date:
2003-08-17
Component:
security-libs
OS:
windows_nt
Sub-Component:
javax.crypto
CPU:
x86
Priority:
P4
Resolution:
Fixed
Affected Versions:
1.4.0
Fixed Versions:
5.0 (tiger)

Related Reports

Sub Tasks

Description

Name: jl125535			Date: 01/24/2003


FULL PRODUCT VERSION :
java version "1.4.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-b92)
Java HotSpot(TM) Client VM (build 1.4.0-b92, mixed mode)


FULL OPERATING SYSTEM VERSION :
Windows NT Version 4.0
Service Pack 6a

ADDITIONAL OPERATING SYSTEMS :
All OSs


A DESCRIPTION OF THE PROBLEM :
I would like to request a means to determine whether a
given Cipher will support a specified keysize without
throwing an exception.

For example, say I'm presenting the user with a GUI widget
(JSlider, JTextField, whatever) that will allow them to
enter the desired keysize. After they enter the keysize,
they hit an 'Encrypt" button and the program goes off and
does something like the following:


int keysize = keySizeWidget.getValue()
KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
kg.init(keysize );
SecretKey sk = kg.generateKey();
Cipher c = Cipher.getInstance("Blowfish");
c.init(Cipher.ENCRYPT_MODE,sk);

Now, if the user selects a keysize of 448, but only has the
default JRE 1.4 policy files (i.e. they haven't downloaded
the unlimited versions), then I get a SecurityException at
the call to c.init() reporting an unsupported keysize.
However, a long time passes before the exception is thrown,
and the user has no feedback when they provide the keysize
that the value will be rejected later when they hit the
encrypt button.

It would be nice to have something like the following
methods on Cipher (or wherever appropriate):

public static int getMaxAllowableKeysize(String
transformation){
/* returns the max keysize allowed given the current policy
files, i.e. if "Blowfish" is supplied as the
transformation, then the method will return 128 with the
exportable version of JCE, and 448 for the unlimited
strength version.
*/
}

public static boolean allowsKeysize(String transformation,
int keysize){
/* returns true if the specified keysize is allowed by the
given transformation with the current policy files, i.e. it
will return false if "Blowfish" is the transformation and
448 is the keysize when the exportable JCE policy files are
installed, but true if the unlimited stength files are
installed
*/
}


This bug can be reproduced always.

---------- BEGIN SOURCE ----------
int keysize = keySizeWidget.getValue()
KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
kg.init(keysize );
SecretKey sk = kg.generateKey();
Cipher c = Cipher.getInstance("Blowfish");
c.init(Cipher.ENCRYPT_MODE,sk);
// exception is thrown by c.init().
// It would be nice to know if a keysize will be
// rejected before this point.
---------- END SOURCE ----------

CUSTOMER WORKAROUND :
One workaround is to create a bunch of sample keys for any
possible algorithms at application init time and try them
out to see if they throw unsupported keysize exceptions.
This is very slow.
(Review ID: 146568) 
======================================================================

                                    

Comments
EVALUATION


###@###.### 2003-01-27
This cannot be fixed for mantis.
Will review this for tiger
                                     
2003-01-27
CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX:
tiger

FIXED IN:
tiger

INTEGRATED IN:
tiger
tiger-b16


                                     
2004-09-01



Hardware and Software, Engineered to Work Together