解决java.security.InvalidKeyException: Illegal key size

1.1.8.0_151 以上版本的解决方案1.无需去官网下载local_policy.jarUS_export_policy.jar这个 jar 包只需要修改Java\jdk1.8.0_151\jre\lib\security这目录下的java.security文件配置即可crypto.policyunlimited2.下载官方jar包替换 替换路径 jdk1.8\jre\lib\security下的 local_policy.jar 和 US_export_policy.jarhttps://www.oracle.com/java/technologies/javase-jce8-downloads.html3.如果上述方法都解决不了的话 可以通过反射修改AES限制package com.qingfengche.freight.test; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.IvParameterSpec; import java.lang.reflect.Field; import java.lang.reflect.Modifier; import java.nio.charset.StandardCharsets; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.Security; import java.util.Base64; import java.util.Map; public class AES256Compatible { private static final String AES_ALGORITHM AES/CBC/PKCS5Padding; private static final int AES_256_KEY_SIZE 256; public static void main(String[] args) throws Exception { // 第一步通用解锁AES-256限制兼容多JDK版本 unlockAES256(); // 第二步生成256位AES密钥此时不会报长度错误 SecretKey aes256Key generateAESKey(AES_256_KEY_SIZE); System.out.println(生成的256位密钥Base64 Base64.getEncoder().encodeToString(aes256Key.getEncoded())); // 第三步生成IV向量 IvParameterSpec iv generateIV(); // 第四步加密解密测试 String plainText 测试AES-256加密修复NoSuchFieldException; String cipherText encrypt(plainText, aes256Key, iv); String decryptedText decrypt(cipherText, aes256Key, iv); System.out.println(原文 plainText); System.out.println(加密后 cipherText); System.out.println(解密后 decryptedText); } /** * 通用解锁AES-256限制适配JDK7/8不同版本 */ private static void unlockAES256() { try { // 方式1修改Security的密钥长度限制优先 Class? secClass Class.forName(javax.crypto.JceSecurity); Field isRestrictedField secClass.getDeclaredField(isRestricted); Field modifiersField Field.class.getDeclaredField(modifiers); modifiersField.setAccessible(true); modifiersField.setInt(isRestrictedField, isRestrictedField.getModifiers() ~Modifier.FINAL); isRestrictedField.setAccessible(true); isRestrictedField.set(null, false); // 方式2清空密钥长度限制的map备用 Field defaultPolicyField secClass.getDeclaredField(defaultPolicy); defaultPolicyField.setAccessible(true); Map?, ? defaultPolicy (Map?, ?) defaultPolicyField.get(null); defaultPolicy.clear(); } catch (NoSuchFieldException e) { // 若上面的字段不存在尝试另一种适配方式JDK8u91 try { Class? cryptoPolicyClass Class.forName(javax.crypto.CryptoPermissions); Field permsField cryptoPolicyClass.getDeclaredField(perms); permsField.setAccessible(true); Map?, ? perms (Map?, ?) permsField.get(null); if (perms ! null) { perms.clear(); } } catch (Exception e2) { // 忽略字段不存在的异常说明JDK已解锁无需处理 System.out.println(当前JDK无需解锁AES-256跳过反射 e2.getMessage()); } } catch (Exception e) { // 所有反射失败都忽略说明JDK版本无需解锁 System.out.println(反射解锁失败无需处理 e.getMessage()); } } /** * 生成指定长度的AES密钥 */ private static SecretKey generateAESKey(int keySize) throws NoSuchAlgorithmException { // 强制设置SecureRandom避免伪随机 SecureRandom secureRandom SecureRandom.getInstanceStrong(); KeyGenerator keyGen KeyGenerator.getInstance(AES); // 核心设置256位密钥长度 keyGen.init(keySize, secureRandom); return keyGen.generateKey(); } /** * 生成16位IV向量 */ private static IvParameterSpec generateIV() { byte[] iv new byte[16]; new SecureRandom().nextBytes(iv); return new IvParameterSpec(iv); } /** * AES-256加密 */ private static String encrypt(String plainText, SecretKey key, IvParameterSpec iv) throws Exception { Cipher cipher Cipher.getInstance(AES_ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, key, iv); byte[] encryptedBytes cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8)); return Base64.getEncoder().encodeToString(encryptedBytes); } /** * AES-256解密 */ private static String decrypt(String cipherText, SecretKey key, IvParameterSpec iv) throws Exception { Cipher cipher Cipher.getInstance(AES_ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, key, iv); byte[] decryptedBytes cipher.doFinal(Base64.getDecoder().decode(cipherText)); return new String(decryptedBytes, StandardCharsets.UTF_8); } }