Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

java.io.IOException: java.security.InvalidKeyException: Illegal key size

java.io.IOException: java.security.InvalidKeyException: Illegal key size

New Contributor

I was given truststore.pem file by my company Hadoop cluster (managed by Cloudera) admin team.

 

From the above mentioned truststore.pem file I exported SSL certificate, which I then added to the keystore of my JAVA program, but when my JAVA program ettempts to executeorg.apache.hadoop.fs.FileSystem.createNewFile(FileSystem.java) I get java.security.InvalidKeyException (see below for more info).

 

 

Error calling org.apache.hadoop.fs.FileSystem.createNewFile(FileSystem.java:1151)

 

Exception:
java.io.IOException: java.security.InvalidKeyException: Illegal key size
at org.apache.hadoop.crypto.JceAesCtrCryptoCodec$JceAesCtrCipher.init(JceAesCtrCryptoCodec.java:116)
at org.apache.hadoop.crypto.CryptoOutputStream.updateEncryptor(CryptoOutputStream.java:206)
at org.apache.hadoop.crypto.CryptoOutputStream.<init>(CryptoOutputStream.java:102)
at org.apache.hadoop.crypto.CryptoOutputStream.<init>(CryptoOutputStream.java:112)
at org.apache.hadoop.hdfs.DFSClient.createWrappedOutputStream(DFSClient.java:1447)
at org.apache.hadoop.hdfs.DFSClient.createWrappedOutputStream(DFSClient.java:1431)
at org.apache.hadoop.hdfs.DistributedFileSystem$6.doCall(DistributedFileSystem.java:400)
at org.apache.hadoop.hdfs.DistributedFileSystem$6.doCall(DistributedFileSystem.java:393)
at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
at org.apache.hadoop.hdfs.DistributedFileSystem.create(DistributedFileSystem.java:393)
at org.apache.hadoop.hdfs.DistributedFileSystem.create(DistributedFileSystem.java:337)
at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:908)
at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:889)
at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:851)
at org.apache.hadoop.fs.FileSystem.createNewFile(FileSystem.java:1151)
at com.priceline.streaming.parquet.HdfsParquetWriter.validateDfsHealth(HdfsParquetWriter.java:248)
at com.priceline.streaming.parquet.HdfsParquetWriter.initializeDfs(HdfsParquetWriter.java:194)
at com.priceline.streaming.parquet.HdfsParquetWriter.write(HdfsParquetWriter.java:93)
at com.priceline.streaming.parquet.HdfsParquetWriterTest.testWrite(HdfsParquetWriterTest.java:38)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:675)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
at javax.crypto.Cipher.implInit(Cipher.java:805)
at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
at javax.crypto.Cipher.init(Cipher.java:1396)
at javax.crypto.Cipher.init(Cipher.java:1327)
at org.apache.hadoop.crypto.JceAesCtrCryptoCodec$JceAesCtrCipher.init(JceAesCtrCryptoCodec.java:113)
... 41 more

2 REPLIES 2

Re: java.io.IOException: java.security.InvalidKeyException: Illegal key size

Master Guru
> Caused by: java.security.InvalidKeyException: Illegal key size
> at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)

This is an issue caused by Java not shipping 256-bit key size support on AES by default [1]. Read more at http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#ExemptApps (select quote below):

"""
Due to import control restrictions by the governments of a few countries, the jurisdiction policy files shipped with the Java SE Development Kit 6 specify that "strong" but limited cryptography may be used. An "unlimited strength" version of these files indicating no restrictions on cryptographic strengths is available for those living in eligible countries (which is most countries). But only the "strong" version can be imported into those countries whose governments mandate restrictions. The JCA framework will enforce the restrictions specified in the installed jurisdiction policy files.
"""

Please visit http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html for JDK8 (or its equivalent page for JDK7 if you still use JDK7), download and apply them to your locally used JDK directory, and re-run your program over that JDK.

[1] - http://hg.openjdk.java.net/jdk8/jdk8/jdk/file/687fd7c7986d/src/share/classes/javax/crypto/Cipher.jav...

Re: java.io.IOException: java.security.InvalidKeyException: Illegal key size

New Contributor

After I upgraded my JDK with unlimited JCE policies and imported required certificate the problem is no more :-)