|Applies To||BSAFE/Crypto-J 4.0|
Java Cryptography Extension (JCE) Provider
|Issue||How to fix FIPS 140 self verification integrity test failures|
Exception in thread "main" java.security.NoSuchAlgorithmException: No such algorithm: AES/CBC/PKCS5Padding
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: AES, provider: JsafeJCE, class: com.rsa.cryptoj.s.HJ)
... 4 more
Caused by: java.lang.SecurityException: An internal FIPS 140 self-verification test has failed. Algorithm AES has been disabled.
|Cause||Crypto-J support key sizes which are not supported by the limited strength jurisdiction policy files that ship with Sun JDKs. If the unlimited strength jurisdiction policy files are not installed, the FIPS self-tests will fail when trying to test with these key sizes.|
From page 6 of the Crypto-J 4.0 Installation Guide (install.pdf):
Jurisdiction Policy files must be downloaded and installed. The Unlimited Strength Jurisdiction Policy Files are required to build and run the samples in this release. The JDK version installed determines the Jurisdiction Policy File to download. The following table lists the JDK versions and the corresponding download location.
On Windows, these files need to be installed in the [JDK Directory]\jre\lib\security folder.
|Legacy Article ID||a40475|