java encryption jasypt

SecretKeyFactory Not Available (Jasypt)


I am trying to encrypt a string using Jasypt 1.9.3 and my JDK version is 1.8.0_281.

This is the code I have written:

Security.setProperty("crypto.policy", "unlimited");

if (pooledPBEStringEncryptor == null) {
    pooledPBEStringEncryptor = new PooledPBEStringEncryptor();

    pooledPBEStringEncryptor.setPassword(encryptionKey);
    pooledPBEStringEncryptor.setAlgorithm("PBEWITHHMACSHA512ANDAES256");
    pooledPBEStringEncryptor.setPoolSize(4);
    pooledPBEStringEncryptor.setSaltGenerator(new RandomSaltGenerator());
}

encrypted = pooledPBEStringEncryptor.encrypt(cValue);

But when I run it, I get the error

Exception in thread "main" java.lang.RuntimeException: Security Error in doEncrypt: org.jasypt.exceptions.EncryptionInitializationException: java.security.NoSuchAlgorithmException: PBEWITHHMACSHA512ANDAES256 SecretKeyFactory not available

I ran the AlgorithmRegistry.getAllPBEAlgorithms() and my output is:

PBEWITHHMACSHA1ANDAES_128, PBEWITHHMACSHA1ANDAES_256, PBEWITHHMACSHA224ANDAES_128, PBEWITHHMACSHA224ANDAES_256, PBEWITHHMACSHA256ANDAES_128, PBEWITHHMACSHA256ANDAES_256, PBEWITHHMACSHA384ANDAES_128, PBEWITHHMACSHA384ANDAES_256, PBEWITHHMACSHA512ANDAES_128, PBEWITHHMACSHA512ANDAES_256, PBEWITHMD5ANDDES, PBEWITHMD5ANDTRIPLEDES, PBEWITHSHA1ANDDESEDE, PBEWITHSHA1ANDRC2_128, PBEWITHSHA1ANDRC2_40, PBEWITHSHA1ANDRC4_128, PBEWITHSHA1ANDRC4_40

When I use the algorithm PBEWITHHMACSHA256ANDAES_256 I get a different error.

Exception in thread "main" java.lang.RuntimeException: Security Error in doEncrypt: org.jasypt.exceptions.EncryptionOperationNotPossibleException

I am a little lost as to what to do.

I have downloaded the unlimited policy jars from Oracle and saved them in the JAVA_HOME\jre\lib\security\ folder. And I am on Windows.


Solution

  • The code lacks the specification of the IV generator with setIvGenerator(), e.g.:

    pooledPBEStringEncryptor.setIvGenerator(new RandomIvGenerator());
    

    By default, NoIvGenerator is used, which causes the exception because the algorithm applies the CBC mode, which requires an IV.

    The default salt generator, by the way, is RandomSaltGenerator, so this would not necessarily need to be specified with setSaltGenerator().

    The PooledPBEStringEncryptor#encrypt() method returns the Base64 encoded concatenation of salt (16 bytes), IV (16 bytes) and ciphertext.


  • The exception org.jasypt.exceptions.EncryptionOperationNotPossibleException is a general exception that is generated in many error situations and is therefore not very meaningful, see here. This includes e.g. a missing JCE Unlimited Strength Jurisdiction Policy (which, however, seems to be installed on your system).

  • For completeness: The algorithm is called PBEWITHHMACSHA512ANDAES_256 (which you have already figured out yourself).
    PBEWITHHMACSHA512ANDAES_256 derives a 32-byte key for AES-256 from password and salt using PBKDF2. HMAC/SHA512 is applied. Since not explicitly specified, the default iteration count of 1000 is used. The algorithm applies the CBC mode for encryption (which is why the IV is needed).
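
The corrected configuration described in the answer, as an added example that is not part of the original question or answer: it checks the algorithm name against the JCE provider before use, sets the IV generator, and splits the Base64 output into the salt, IV and ciphertext parts the answer describes. The class name, password, sample value and the raised iteration count are assumptions of this example.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import org.jasypt.encryption.pbe.PooledPBEStringEncryptor;
import org.jasypt.iv.RandomIvGenerator;
import org.jasypt.salt.RandomSaltGenerator;

public class JasyptAes256Example {
    // Spelled as in the AlgorithmRegistry output, including the underscore.
    static final String ALGORITHM = "PBEWITHHMACSHA512ANDAES_256";
    // Assumption of this example: raised from the default of 1000 named in the answer.
    static final int ITERATIONS = 100_000;

    static PooledPBEStringEncryptor newEncryptor(String password)
            throws NoSuchAlgorithmException {
        // Fail fast with a specific exception on a misspelled or unavailable name.
        SecretKeyFactory.getInstance(ALGORITHM);
        PooledPBEStringEncryptor enc = new PooledPBEStringEncryptor();
        enc.setPassword(password);
        enc.setAlgorithm(ALGORITHM);
        enc.setKeyObtentionIterations(ITERATIONS);
        enc.setPoolSize(4);
        enc.setSaltGenerator(new RandomSaltGenerator());
        enc.setIvGenerator(new RandomIvGenerator()); // CBC mode needs an IV
        return enc;
    }

    public static void main(String[] args) throws Exception {
        // Constructed password and plaintext, for demonstration only.
        PooledPBEStringEncryptor enc = newEncryptor("constructed-demo-password");
        String plain = "constructed sample value";
        String encrypted = enc.encrypt(plain);

        // Layout described in the answer: salt (16) | IV (16) | ciphertext.
        byte[] raw = Base64.getDecoder().decode(encrypted);
        byte[] salt = Arrays.copyOfRange(raw, 0, 16);
        byte[] iv = Arrays.copyOfRange(raw, 16, 32);
        byte[] ciphertext = Arrays.copyOfRange(raw, 32, raw.length);
        System.out.printf("salt=%d bytes, iv=%d bytes, ciphertext=%d bytes%n",
                salt.length, iv.length, ciphertext.length);

        // Random salt and IV: the same plaintext encrypts differently each time.
        System.out.println("outputs differ: " + !encrypted.equals(enc.encrypt(plain)));
        System.out.println("round trip ok: " + plain.equals(enc.decrypt(encrypted)));
    }
}
```

Any component that decrypts these values has to be configured with the same algorithm, iteration count and generators, otherwise Jasypt raises the same generic EncryptionOperationNotPossibleException.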