JDK-5049695 : KeyAgreement.generateSecret(String algorithm) doesn't support known algorithms
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 1.4.2
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2004-05-19
  • Updated: 2004-05-19
  • Resolved: 2004-05-19
Related Reports
Duplicate :  
JDK-4936763 - Diffie Hellman Key Agreement doesn't generate keys for AES cipher
Description
Name: js151677			Date: 05/19/2004


FULL PRODUCT VERSION :
java version "1.4.2_04"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_04-b05)
Java HotSpot(TM) Client VM (build 1.4.2_04-b05, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]

A DESCRIPTION OF THE PROBLEM :
Using a Diffie-Hellman key agreement to generate SecretKeys I found that some algorithms known to the JRE, in particular AES are not supported by the KeyAgreement generateSecret(String algorithm) method.  Enumerating providers and services shows that a there is a Key Generator for AES.

Also there does not appear to be a way to specify the key length for the SecretKey generated by the above method, AES supports at least 128 bit and 256 bit keys according to the java Docs. (It should support 192 bit as well, but that is not documented, and I have not attempted it)

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Use this code http://www.javaalmanac.com/egs/java.security/ListServices.html  to list KeyGenerators.  Note the inclusion of AES.

Use this code http://www.javaalmanac.com/egs/javax.crypto/KeyAgree.html
 but replace the algorithm="DES" with algorithm= "AES" and see that it fails.


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
All known symmetric key generators (as per http://www.javaalmanac.com/egs/javax.crypto/ListKeyGen.html) should be supported.
ACTUAL -
Unsupported secret key algorithm: AES

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.security.NoSuchAlgorithmException: Unsupported secret key algorithm: AES
   at com.sun.crypto.provider.DHKeyAgreement.engineGenerateSecret(DashoA6275)
   at javax.crypto.KeyAgreement.generateSecret(DashoA6275)
...

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
Found here:  http://www.javaalmanac.com/egs/javax.crypto/KeyAgree.html

replace algorithm="DES" with algorithm="AES"
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
use byte [] secret = ka.generateSecret();
as a seed and explicitly create a "AES" KeyGenerator
(Incident Review ID: 265224) 
======================================================================
Comments
WORK AROUND ###@###.### 2004-05-19 One easy workaround is to rely on the KeyAgreement.generateSecret() method which returns a byte[] and then use the particular byte[] to explicity construct a secret key object through SecretKeySpec class, e.g. byte[] rawValue = keyAgreement.generateSecret(); // assuming desiring 128-bit AES key SecretKey key = new SecretKeySpec(rawValue, 0, 16, "AES");
01-09-2004
EVALUATION ###@###.### 2004-05-19 The current KeyAgreement API does not handle multi-key-size algorithms such as "AES" well. There is already bug4936763 filed on the same issue. Will close this one as duplicate.
19-05-2004