JDK-7022467 : SecretKeyFactory doesn't support algorithm "AES" on Windows and Linux
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2011-02-25
  • Updated: 2017-05-16
  • Resolved: 2011-05-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7 b134Fixed
Related Reports
Relates :  
The CCC 5001004 integrated in JDK7 b130 defines the following security algorithm requirements for javax.crypto.SecretKeyFactory: AES DES DESede
The algorithm "AES" is not supported on Windows and Linux.

Please see the following code:
import java.security.NoSuchAlgorithmException;
import javax.crypto.SecretKeyFactory;
public class SKF {
    public static void main(String[] args) {
        String[] algorithms = {"AES", "DES", "DESede"};
        for (String alg : algorithms) {
            try {
            } catch (NoSuchAlgorithmException e) {

It's output on Windows and Linux is:
java.security.NoSuchAlgorithmException: AES SecretKeyFactory not available
	at javax.crypto.SecretKeyFactory.<init>(SecretKeyFactory.java:108)
	at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:146)
	at SKF.main(SKF.java:11)

EVALUATION This is failing because there is no Java implementation of AES SecretKeyFactory in the JDK. On Solaris it works because there is a PKCS11 implementation. We should not include this as a required algorithm - this was a mistake. An AES SecretKeyFactory implementation does not provide much value, since developers can use a generic SecretKeySpec object to create an AES key and don't really need a SecretKeyFactory. I will file a CCC and remove this from the required algorithms.