|Applies To||RSA Adaptive Authentication (On Premise) |
This error occurs usually after upgrade or new install in the system and is observed if Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files are not used by the application.
|Issue||To fix error "CryptEngine - Caught exception during cipher create/init: Illegal key size" in Scheduler logs|
RSA is returning only one deviceTokenCookie for all users and EVENT_TYPES
CryptEngine - Caught exception during cipher create/init: Illegal key size.
Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files are needed while cipher creation and cause the issue.
|Resolution||Users can avoid these exceptions by installing Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files. |
Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JDK version, as shown below :
For JDK 1.6 go to http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html and download jce_policy-6.zip.
For IBM JDK 6 1. go to https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk and click the link under IBM SDK Policy files
You need IBM credentials to log in to the Unrestricted JCE policy files site, once logged in, select Unrestricted JCE Policy files for SDK for all newer versions (Version 1.6).
Click Continue, and then click Download now to download the zip file.
For BEA JDK go to https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy-1.5.0-oth-JPR@CDS-CDS_Developer and download jce_policy-1_5_0.zip
Extract the local_policy.jar and US_export_policy.jar files in the zip file to the $JAVA_HOME/jre/lib/security directory.
These files already exist in this directory. You must overwrite them.
Lastly restart the application server, and re-invoke the secured service, the invalidkeyException does not occur.
|Notes||The issue with Same Device Token Cookie and Cipher errors are related and can be resolved by this fix. These changes are also mentioned in the Prerequisites of AAOP Install/Upgrade Guide.|
|Legacy Article ID||a67722|