AES XTS mode and java.security.InvalidKeyException: java.security.InvalidAlgorithmParameterException: Algorithm parameters required

2 years ago

Originally Published: 2007-09-17

Article Number

000053124

Applies To

RSA Key Manager Server

RSA Key Manager Client

Issue

Exception is thrown when trying to encrypt

com.rsa.kmc.KMException: java.security.InvalidKeyException: java.security.InvalidAlgorithmParameterException: Algorithm parameters required.

Cause

When creating a Key Class on the RKM Server and specifying the Cipher, if AES is selected for the Algorithm and 256 or 512 is selected for the Key Size, one of the choices for the Mode is XTS. AES XTS mode is only used for the EMC PowerPath product and not supported by RKM Client.

Resolution

When creating a Key Class on the RKM Server, ensure that XTS mode is not specified unless the Key Class is going to be used by a product that supports it (such as EMC PowerPath).

Notes

For most applications, CBC mode should be used. For more information about the block cipher modes, see the Security Concepts document that is included with RKM Client and RKM Server (doc\security_concepts.pdf) > Symmetric Key Cryptography > Block Ciphers > Modes of Operation.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles