000033119 - RSA Adaptive Authentication (on Premise) 7.1 gives cipher not initialized errors

Document created by RSA Customer Support Employee on Jan 12, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033119
Applies ToRSA Product Set: Adaptive Authentication (On Premise)
RSA Version/Condition: 7.1
 
IssueNot replacing Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files results in "Cipher not initialized" error in /rsa/logs/aa_server.alarm.log and the rsa/logs/aa_server.log, as in the examples below:
From the aa_server.alarm.log
ERROR - [] | [] | [] | [SYSTEM_ERROR | Failed to initialize the context: java.lang.RuntimeException: java.lang.IllegalStateException: 
Cipher not initialized]

From the aa_server.log:
ERROR [PolicyEngineOnlineUpdater] [] [] [com.passmarksecurity.security.CryptEngine] - i
<Caught exception during cipher create/init: Illegal key size>
java.security.InvalidKeyException: Illegal key size
    at javax.crypto.Cipher.a(Unknown Source)
    at javax.crypto.Cipher.init(Unknown Source)
    at javax.crypto.Cipher.init(Unknown Source)
    at com.passmarksecurity.security.CryptEngine.getCipher(CryptEngine.java:422)
    at com.passmarksecurity.security.CryptEngine.encryptRaw(CryptEngine.java:340)
    at com.rsa.csd.key.AESMessageCryptEngine.encryptRaw(AESMessageCryptEngine.java:78)
    at com.passmarksecurity.security.CryptEngine.encrypt(CryptEngine.java:392)


 
CauseDuring installation and upgrade of Adaptive Authentication on Premise application Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files were not replaced.
ResolutionYou must apply a patch to avoid getting a security exception on the Sun or IBM JDK. The java.security.InvalidKeyException:illegal Key Size error is a common issue that occurs when you try to invoke a secured web service in an environment where the provision for Java unlimited security jurisdiction is not available. You may also see errors related to java.security.NoSuchAlgorithmException. You can avoid these exceptions by installing Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files.
To apply the patch:
  1. Download the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files for your JDK version:
  • Download the files for the Sun JDK here.
  • Download the files fo the IBM JDK here.
  1. Extract the local_policy.jar and US_export_policy.jar files in the zip file to the $JAVA_HOME/jre/lib/security directory. These files already exist in this directory so you must overwrite the existing files with the new ones.
  2. Restart the application server, and re-invoke the secured service. 

Attachments

    Outcomes