InvalidKeyException Illegal key size

Question

I have a test which runs great on my development MacBook Pro, but fails to run in continuous integration TeamCity server.

The error is following:

java.security.InvalidKeyException: Illegal key size
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)

Both development box and TeamCity uses Java 1.6 and I use BouncyCastle library for the need of special AES encryption.

The code is following:

private byte[] aesEncryptedInfo(String info) throws UnsupportedEncodingException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidParameterSpecException, InvalidAlgorithmParameterException, NoSuchProviderException {
    Security.addProvider(new BouncyCastleProvider());
    SecretKey secret = new SecretKeySpec(CUSTOMLONGSECRETKEY.substring(0, 32).getBytes(), "AES");
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
    cipher.init(Cipher.ENCRYPT_MODE, secret, new IvParameterSpec(VECTOR_SECRET_KEY.getBytes()));
    return cipher.doFinal(info.getBytes("UTF-8"));
}

UPDATE

Looks like according to the selected answer I have to modify something on my TeamCity installation and it will possibly affect some user installations - so its not a good choice I have to switch to another crypto library to do that without limitations. So probably bouncy castle will help.

Answer 1

You will probably need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (available at Oracle).

If you don't, the keysize is limited due to US export laws.

Answer 2

In addition to installing policy files, also make sure that CUSTOMLONGSECRETKEY...getBytes() does indeed produce 32 bytes array. I would use CUSTOMLONGSECRETKEY.getBytes(some encoding) and get first 32 bytes from that. Better yet, use whole secret key to derive keys for AES with the size that you need.