000012051 - To fix error 'CryptEngine - Caught exception during cipher create/init: Illegal key size' in Scheduler logs. - RSA Adaptive Authentication (On Premise)

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012051
Applies ToRSA Adaptive Authentication (On Premise) 
This error occurs usually after upgrade or new install in the system and is observed if Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files are not used by the application.
IssueTo fix error "CryptEngine - Caught exception during cipher create/init: Illegal key size" in Scheduler logs
RSA is returning only one deviceTokenCookie for all users and EVENT_TYPES
CryptEngine - Caught exception during cipher create/init: Illegal key size.
Cause
Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files are needed while cipher creation and cause the issue.
ResolutionUsers can avoid these exceptions by installing Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.

Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JDK version, as shown below : 

     For JDK 1.6 go to http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html and download jce_policy-6.zip.
     For IBM JDK 6 1. go to https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk and click the link under IBM SDK Policy files
You need IBM credentials to log in to the Unrestricted JCE policy files site, once logged in, select Unrestricted JCE Policy files for SDK for all newer versions (Version 1.6).
Click Continue, and then click Download now to download the zip file.

      For BEA JDK go to https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy-1.5.0-oth-JPR@CDS-CDS_Developer and download jce_policy-1_5_0.zip

Extract the local_policy.jar and US_export_policy.jar files in the zip file to the $JAVA_HOME/jre/lib/security directory.
These files already exist in this directory. You must overwrite them.
Lastly restart the application server, and re-invoke the secured service, the invalidkeyException does not occur.
NotesThe issue with Same Device Token Cookie and Cipher errors are related and can be resolved by this fix. These changes are also mentioned in the Prerequisites of AAOP Install/Upgrade Guide.
Legacy Article IDa67722

Attachments

    Outcomes