Where are the AES 256-bit cipher suites? Please someone help

最新推荐文章于 2023-05-27 15:48:38 发布
最新推荐文章于 2023-05-27 15:48:38 发布
阅读量860 收藏
点赞数
CC 4.0 BY-SA版权
文章标签: java ldap
原文链接:http://www.cnblogs.com/kungfupanda/archive/2011/05/15/2047032.html
本文详细记录了在使用JDK1.4.2创建SSLServerSocket并尝试启用256位AES加密套件时遇到的问题及解决方案。文中提及,在默认配置下,TLS_DHE_RSA_WITH_AES_256_CBC_SHA加密套件不可用,通过安装无限制强度的Java Cryptography Extension (JCE)策略文件,成功启用了高级加密套件。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

 

Please help me with this simple problem. I'm trying to create an SSLServerSocket that is enabled with the 2 AES 256-bit cipher suites that are supposed to be available in JDK1.4.2. As you can see in the following code, when the program attempts to enable the SSLServerSocket, ss, with CIPHER_SUITES, an exception occurs. The exception basically says that the TLS_DHE_RSA_WITH_AES_256_CBC_SHA cipher suite wasn't found. What's up?

__

String[] PROTOCOLS = {"SSLv3", "TLSv1"};

String[] CIPHER_SUITES = {"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",

"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",

"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",

"TLS_RSA_WITH_AES_256_CBC_SHA",

"TLS_RSA_WITH_AES_128_CBC_SHA",

"SSL_RSA_WITH_3DES_EDE_CBC_SHA"};

// create an SSLServerSocket ss

SSLContext context = SSLContext.getInstance("TLS", "SunJSSE");

context.init(myKeyManagers, myTrustManagers, SecureRandom.getInstance("SHA1PRNG", "SUN"));

SSLServerSocketFactory ssFactory = context.getServerSocketFactory();

SSLServerSocket ss = ssFactory.createServerSocket();

ss.setEnabledProtocols(PROTOCOLS);

ss.setEnabledCipherSuites(CIPHER_SUITES);// EXCEPTION OCCURS HERE (exception output is printed below)

// output a bunch of useful debugging information

System.out.println(System.getProperty("java.version") + "\n");

 

Provider[] providers = Security.getProviders();

for(int i=0; i < providers.length; ++i)

System.out.println(providers[i] + "\n" + providers[i].getInfo() + "\n********************");

String[] enabledProtocols = ss.getEnabledProtocols();

for(int i=0; i < enabledProtocols.length; ++i)

System.out.println(enabledProtocols[i]);

String[] enabledCipherSuites = ss.getEnabledCipherSuites();

for(int i=0; i < enabledCipherSuites.length; ++i)

System.out.println(enabledCipherSuites[i]);

_

OUTPUT

java.lang.IllegalArgumentException: Cannot support TLS_DHE_RSA_WITH_AES_256_CBC_SHA with currently installed providers

at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(DashoA6275)

at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(DashoA6275)

at test.util.ConcreteSSLServerSocketFactory.initSocket(ConcreteSSLServerSocketFactory.java:111)

at test.util.ConcreteSSLServerSocketFactory.createServerSocket(ConcreteSSLServerSocketFactory.java:100)

at test.Test.init(Test.java:151)

at test.Test.main(Test.java:111)

JRE Version

1.4.2

Security Providers

SUN version 1.42

SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)

********************

SunJSSE version 1.42

Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)

********************

SunRsaSign version 1.42

SUN's provider for RSA signatures

********************

SunJCE version 1.42

SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)

********************

SunJGSS version 1.0

Sun (Kerberos v5)

********************

Enabled Protocols

SSLv3

TLSv1

Enabled Cipher Suites

SSL_RSA_WITH_RC4_128_MD5

SSL_RSA_WITH_RC4_128_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_DSS_WITH_AES_128_CBC_SHA

SSL_RSA_WITH_3DES_EDE_CBC_SHA

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

SSL_RSA_WITH_DES_CBC_SHA

SSL_DHE_RSA_WITH_DES_CBC_SHA

SSL_DHE_DSS_WITH_DES_CBC_SHA

SSL_RSA_EXPORT_WITH_RC4_40_MD5

SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

 

 

Hey, self. Why don't you try using the Unlimited Strength Cryptography Files

The jre you are using does not have the advanced ciphers enabled.

Unlimited strength Java Cryptography Extenstion(JCE) Policy Files

Due to import control restrictions, the version of JCE policy files that are bundled in the JDK(TM) 6 environment allow "strong" but limited cryptography to be used. For our usage, we need to download a bundle that provide "unlimited strength" policy fies which contain no restrictions on cryptographic strengths.

Here are the installation instruction:

  1. Download the latest unlimited strength JCE policy files from Sun here
  2. Uncompress and extract the downloaded file. This will create a subdirectory called jce. This directory contains the following files:
    • README.txt
    • COPYRIGHT.html
    • local_policy.jar- Unlimited strength local policy file
    • US_export_policy.jar- Unlimited strength US export policy file
  3. Install the unlimited strength policy JAR files.

    To utilize the encryption/decryption functionalities of the JCE framework without any limitation, first make a copy of the original JCE policy files (US_export_policy.jar and local_policy.jar in the standard place for JCE jurisdiction policy JAR files) in case you later decide to revert to these "strong" versions. Then replace the strong policy files with the unlimited strength versions extracted in the previous step.

    The standard place for JCE jurisdiction policy JAR files is:
    • /lib/security [Unix]
    • \lib\security [Win32]
  4. For detailed informatation on downloading JCE files goto C:\Program Files\Common Files\WatchGuard\java\j2re1.6.0_05\lib\security and refer the readme.txt file [Assuming wsm is installed under c:\Program Files\Watchguard ].

 

转载于:https://www.cnblogs.com/kungfupanda/archive/2011/05/15/2047032.html

SSH密钥未发现no matching cipher found. Their offer: aes256-cbc,aes128-cbc,3des-cbc,des-cbc
子非鱼39938的博客
08-03 9467
SSH密钥协商失败,此问题为密钥类型缺失导致,现在遇到的类型有如下几个 1、Their offer: aes256-cbc,aes128-cbc,3des-cbc,des-cbc Unable to negotiate with xx.xx.xx.xx port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,3des-cbc,des-cbc 无法与xx.xx.xx.xx 端口22协商:未找到匹配的密码。他们的报价:AE
AES-256-CBC 加密解密
09-06 1万+
//AES加密/解密 //在线AES加密解密工具。 // AES采用对称分组密码体制, // 密钥长度支持为128/192/256bits。 // 用户密钥长度不足时,平台将以0x00自动填充。 // IV也一样,自动填充,超出部分将被忽略。 // 加密时会将明文数据按16byte进行分组, ...
Android中AES加密算法
xingkong_hdc的博客
03-01 1431
Android中AES的使用 常见的加密算法大致有两种,一种是对称加密算法如AES,另一种是非对称加密算法如RSA。在对称加密算法中,加密与解密的密钥是相同的。密钥是绝对不可以泄漏的,否则会被攻击者还原密文,窃取机密数据。非对称加密算法需要两个密钥:公开密钥(publickey)和私有密钥(privatekey)。公开密钥与私有密钥是一对,如果用公开密钥对数据进行加密,只有用对应的私有密钥才能解...
安装 JAVA CRYPTOGRAPHY EXTENSION (JCE) UNLIMITED STRENGTH
andyguan01_2的博客
03-08 8757
JCE(Java Cryptography Extension)是一组包,它们提供用于加密、密钥生成和协商以及 Message Authentication Code(MAC)算法的框架和实现。 它提供对对称、不对称、块和流密码的加密支持,它还支持安全流和密封的对象。它不对外出口,用它开发完成封装后将无法调用。 安装JCE步骤: 1、打开以下网址,下载JCE压缩包: http://www.or...
you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
暗夜91的博客
04-07 5979
Reason: Encryption raised an exception. A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction ...
Decryption error (do you have the JCE Unlimited Strength Jurisdiction Policy Files installed?)
gpweixing的博客
05-27 855
Decryption error (do you have the JCE Unlimited Strength Jurisdiction Policy Files installed?) 错误处理
aesjava源码-AESCipher-iOS:Objective-C和Java之间的AES加密
06-04
java源码AESCipher-iOS Objective-C 的 AES 加密 将此代码用于iOS以及Android和Java 后端,您可以使用 AES 准确地加密和解密。 用 C 风格编码只是为了安全。 加密: // For String NSString * aesEncryptString...
AESencryption:AES256bit加密和解密
05-24
AES256位加密是AES的一种变体,提供极高的安全性,常用于存储敏感信息和保护关键数据。 **AES加密过程** AES加密采用块加密方式,每个数据块大小为128位(16字节)。AES256位加密意味着在加密过程中使用了256位的...
node.js aes-256-cbc 加密 解密
____
05-13 4532
需求 使用 node.js 进行AES 加密解密,代码如下 代码 // Nodejs encryption with CTR const crypto = require('crypto'); const algorithm = 'aes-256-cbc'; const keyStr = '2ba27190770c3203a3094b1d212f5e2f' const ivStr = keyStr.substr(0, 16) const keyByte = Buffer.from(keyStr) const
openssl密码套件详解
humanhaunt的博客
09-24 1万+
说起加密套件(CipherSuite)这个词可能会比较陌生,但是说起ssl/tls可能就是一个众所周知的词汇了,我们知道ssl/tls是经常被用在http协议上以使http协议升级为安全的https协议,ssl协议呢也有自己的握手协商的过程,而这个握手协商的过程呢。就会使用到很多的加密算法,MAC算法,认证算法等等,而加密套件呢就可以理解为是这一些列密码算法的打包形式,其实密码算法的实现有很多,但是目前最主流的实现还是openssl,该文是以openssl来讲解的,有兴趣的可以了解一下其他的实现。 先说用法
java JCE 不限密钥长度解决办法
12-10 5692
(翻墙)转自http://opensourceforgeeks.blogspot.com/2014/09/how-to-install-java-cryptography.html 另外,在StackOverflow上也有相关讨论,并提供了反射实现代码 https://stackoverflow.com/questions/25959948/local-policy-jar-and-us-ex...
AES加密限制文件解决方法
iteye_5347的博客
10-25 496
Java Security: Illegal key size or default parameters?   I had asked a question about this earlier, but it didn't get answered right and led nowhere. So I've clarified few details on the ...
incc与oracle连接_Oracle 12c CC安装碰见的认证问题
weixin_39762348的博客
12-29 355
维护的系统增加,导致对应需要维护的开发数据库环境也增加了,为了简化管理和监控,搭建图形化管理平台,是一种不错的解决方案,我们知道,11g就有了GC(Grid Control),发展到现在,已经有了12c CC和13c CC(Cloud Control)。这两篇文章,介绍了安装12c CC的整个流程。这次要说的是,由于机房搬迁,需要用新的机器来搭建,但即使安装步骤,和之前一样,运行到62%的时候,总...
java jce配置_java JCE 不限密钥长度解决办法
weixin_39628186的博客
02-24 654
()转自http://opensourceforgeeks.blogspot.com/2014/09/how-to-install-java-cryptography.html另外,在StackOverflow上也有相关讨论,并提供了反射实现代码https://stackoverflow.com/questions/25959948/local-policy-jar-and-us-export-p...
jasypt-spring-boot-starter中踩坑问题
qq_35478750的博客
01-24 2286
jasypt-spring-boot-starter中,加解密的依赖正常但是一直报错问题。根因是需要开启限制。
aes256加密_关于ssl证书使用的加密套件
weixin_39837867的博客
11-24 1320
一、ciphers是配置ssl证书所需的加密套件,基于OpenSSL。用户可以控制在协商TLS连接时要考虑的密码。使已知密码的名称根据libcurl构建TLS后端。SSL协议有sslv2, sslv3, tlsv1, tlsv1.1和tlsv1.2。目前推荐使用的有tlsv1.2,其它协议都存在各种安全漏洞。在每种SSL协议中,又包括了一系列的加密算法,也即是ciphers suite。SSL3 ...
Oracle 12c CC安装碰见的认证问题
热门推荐
bisal的专栏
10-02 1万+
维护的系统增加,导致对应需要维护的开发数据库环境也增加了,为了简化管理和监控,搭建图形化管理平台,是一种不错的解决方案,我们知道,11g就有了GC(Grid Control),发展到现在,已经有了12c CC和13c CC(Cloud Control)。这两篇文章,介绍了安装12c CC的整个流程。Oracle 12c CC安装部署攻略 (上)Oracle 12c CC安装部署攻略 (下)这次要说
如何在Java中正确实现AES-256加密算法?
最新发布
11-16
Java中实现AES-256加密算法通常需要使用`javax.crypto.Cipher`和`javax.crypto.spec.SecretKeySpec`类。以下是基本步骤: 1. 导入必要的包: ```java import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; import java.security.Key; import java.util.Base64; ``` 2. 获取密钥(这里假设你已经有了一个256位的密钥,例如从Base64解码得到`byte[] keyBytes = Base64.getDecoder().decode("your_encoded_key");`): ```java Key secretKey = new SecretKeySpec(keyBytes, "AES"); ``` 注意选择正确的算法名称,这里是"AES"。 3. 初始化Cipher对象并设置操作模式(ENCRYPT/DECRYPT): ```java Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); ``` CBC模式是一种常用的块密码模式,而PKCS5Padding是为了填充到块边界。 4. 设置初始化向量(IV),如果使用CBC模式,IV应该是随机生成的,并且在加密过程中必须保持不变: ```java byte[] iv = ... // 生成一个固定大小的随机字节数组 cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv)); // 或者 Cipher.DECRYPT_MODE ``` 5. 加密或解密数据: ```java byte[] input = ... // 要加密的数据 byte[] encryptedData = cipher.doFinal(input); ``` 如果需要将加密后的数据转换为字符串以便传输,可以使用Base64编码: ```java String encodedData = Base64.getEncoder().encodeToString(encryptedData); ``` 同样,解密时先解码再用相同的cipher实例: ```java byte[] decodedData = Base64.getDecoder().decode(encodedData); cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv)); byte[] decryptedData = cipher.doFinal(decodedData); ```
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值