Cryptomator: java.security.InvalidKeyException: Illegal key size or default parameters

Created on 25 Oct 2016  路  5Comments  路  Source: cryptomator/cryptomator

Basic Info

  • I'm running Cryptomator on: Ubuntu 16.04 LTS
  • I'm using Cryptomator in version: 1.2.0

    Description

Since I update my version of Oracle JVM to 1.8.0_111 I have :

  • Very long machine freeze on first click in Cryptomator window (5 to 6 min)
  • Error when opening a vault : Error says "Invalid key", not sure this is linked to the input key (anyway I tried multiple times and the key pass I input IS good)

Exec trace

$ cryptomator.sh
2016-10-25 17:39:26,834 INFO  [Cryptomator:40] Starting Cryptomator 1.2.0 on Linux 4.4.0-45-generic (amd64)
2016-10-25 17:39:26,841 INFO  [SingleInstanceManager:299] no running instance found
2016-10-25 17:39:27,055 INFO  [MainApplication:45] JavaFX application started
2016-10-25 17:39:27,076 INFO  [Localization:42] Loaded localization from bundle:/localization/fr.txt
2016-10-25 17:39:27,179 INFO  [SettingsProvider:86] Settings loaded from /home/xxxxxx/.Cryptomator/settings.json
2016-10-25 17:39:27,571 DEBUG [SingleInstanceManager:325] InstanceManager bound to port 44736
2016-10-25 17:39:27,911 DEBUG [WelcomeController:144] Current version: 1.2.0, lastest version: 1.2.0
2016-10-25 17:46:05,190 INFO  [log:186] Logging initialized @398602ms
2016-10-25 17:46:05,223 INFO  [Server:345] jetty-9.3.3.v20150827
2016-10-25 17:46:05,239 INFO  [ContextHandler:775] Started o.e.j.s.ServletContextHandler@78b0c71c{/,null,AVAILABLE}
2016-10-25 17:46:05,243 INFO  [ServerConnector:270] Started ServerConnector@4642087c{HTTP/1.1,[http/1.1]}{0.0.0.0:42427}
2016-10-25 17:46:05,244 INFO  [Server:397] Started @398656ms
2016-10-25 17:46:05,244 INFO  [WebDavServer:85] Cryptomator is running on port 42427
2016-10-25 17:46:45,311 ERROR [AsyncTaskService:127] Uncaught exception
java.lang.IllegalArgumentException: Invalid key.
    at org.cryptomator.crypto.engine.impl.AesKeyWrap.unwrap(AesKeyWrap.java:63) ~[filesystem-crypto-1.2.0.jar:?]
    at org.cryptomator.crypto.engine.impl.CryptorImpl.readKeysFromMasterkeyFile(CryptorImpl.java:119) ~[filesystem-crypto-1.2.0.jar:?]
    at org.cryptomator.filesystem.crypto.Masterkeys.readMasterKey(Masterkeys.java:98) ~[filesystem-crypto-1.2.0.jar:?]
    at org.cryptomator.filesystem.crypto.Masterkeys.decrypt(Masterkeys.java:58) ~[filesystem-crypto-1.2.0.jar:?]
    at org.cryptomator.filesystem.crypto.CryptoFileSystemFactory.unlockExisting(CryptoFileSystemFactory.java:44) ~[filesystem-crypto-1.2.0.jar:?]
    at org.cryptomator.ui.model.Vault.activateFrontend(Vault.java:138) ~[Cryptomator-1.2.0.jar:1.2.0]
    at org.cryptomator.ui.controllers.UnlockController.unlock(UnlockController.java:295) ~[Cryptomator-1.2.0.jar:1.2.0]
    at org.cryptomator.ui.controllers.UnlockController.lambda$didClickUnlockButton$25(UnlockController.java:290) ~[Cryptomator-1.2.0.jar:1.2.0]
    at org.cryptomator.ui.util.AsyncTaskService.lambda$asyncTaskOf$6(AsyncTaskService.java:32) ~[Cryptomator-1.2.0.jar:1.2.0]
    at org.cryptomator.ui.util.AsyncTaskService$AsyncTaskImpl.lambda$null$13(AsyncTaskService.java:89) ~[Cryptomator-1.2.0.jar:1.2.0]
    at org.cryptomator.ui.util.AsyncTaskService.logExceptions(AsyncTaskService.java:118) ~[Cryptomator-1.2.0.jar:1.2.0]
    at org.cryptomator.ui.util.AsyncTaskService.access$100(AsyncTaskService.java:19) ~[Cryptomator-1.2.0.jar:1.2.0]
    at org.cryptomator.ui.util.AsyncTaskService$AsyncTaskImpl.lambda$run$14(AsyncTaskService.java:87) ~[Cryptomator-1.2.0.jar:1.2.0]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[?:1.8.0_111]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[?:1.8.0_111]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]
Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026) ~[?:1.8.0_121]
    at javax.crypto.Cipher.implInit(Cipher.java:801) ~[?:1.8.0_121]
    at javax.crypto.Cipher.chooseProvider(Cipher.java:864) ~[?:1.8.0_121]
    at javax.crypto.Cipher.init(Cipher.java:1249) ~[?:1.8.0_121]
    at javax.crypto.Cipher.init(Cipher.java:1186) ~[?:1.8.0_121]
    at org.cryptomator.crypto.engine.impl.AesKeyWrap.unwrap(AesKeyWrap.java:61) ~[filesystem-crypto-1.2.0.jar:?]
    ... 15 more
2016-10-25 17:47:05,833 DEBUG [Server:416] doStop org.eclipse.jetty.server.Server@138ff362
2016-10-25 17:47:05,834 DEBUG [Server:438] Graceful shutdown org.eclipse.jetty.server.Server@138ff362 by 
2016-10-25 17:47:05,835 INFO  [ServerConnector:310] Stopped ServerConnector@4642087c{HTTP/1.1,[http/1.1]}{0.0.0.0:42427}
2016-10-25 17:47:05,836 INFO  [ContextHandler:885] Stopped o.e.j.s.ServletContextHandler@78b0c71c{/,null,UNAVAILABLE}
2016-10-25 17:47:05,838 DEBUG [Cryptomator:104] Shutting down

$ java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode

Important

I also have openJDK install and it works when launching with :

$ /usr/lib/jvm/java-8-openjdk-amd64/bin/java -Xmx512m -Dcryptomator.logPath=~/.Cryptomator/cryptomator.log -Dcryptomator.upgradeLogPath=~/.Cryptomator/upgrade.log -Dcryptomator.settingsPath=~/.Cryptomator/settings.json -jar /usr/share/java/cryptomator/Cryptomator-1.2.0.jar

Rgds,

picture fredericchamp

Most helpful comment

Hint: If you use the webupd8 PPA, you can simply apt-get install oracle-java8-unlimited-jce-policy

picture overheadhunter on 25 Oct 2016
👍6 🎉32

All 5 comments

In the Cryptomator installers/binaries we already bundle the JVM. If you'd prefer to use the system JVM, you also have to install JCE for the 256-bit keys. This is only needed for Oracle JVM. OpenJDK doesn't have this restriction. You can download JCE from here.

Edit: I guess, I have no clue about our Linux distribution. :laughing:

tobihagemann picture tobihagemann on 25 Oct 2016
👍1

Hint: If you use the webupd8 PPA, you can simply apt-get install oracle-java8-unlimited-jce-policy

overheadhunter picture overheadhunter on 25 Oct 2016
👍6 🎉32

In fact I did try uninstall/reinstall apt-get remove cryptomator; apt-get install cryptomator with no results => I beleive cryptomator package doen't include JVM on Ubuntu ppa
Anyway everything works fine after oracle-java8-unlimited-jce-policy package install
Thanks !

fredericchamp picture fredericchamp on 25 Oct 2016

@fredericchamp nope the PPA version doesn't include a JVM (this is not possible due to restrictions of the PPA build servers), tobihagemann was mistaken. The ancient key length restrictions of Oracle's JDK are the reason why we depend on OpenJDK instead. Maybe there is a chance to reconfigure the PPA package in a way that the user can choose either openjdk or oracle + unlimited-jce-thing.

overheadhunter picture overheadhunter on 26 Oct 2016

Hint: If you use the webupd8 PPA, you can simply apt-get install oracle-java8-unlimited-jce-policy

@overheadhunter Thank you so much for the simple fix! :sparkling_heart:

winniehell picture winniehell on 28 Dec 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Eyremba picture Eyremba  路  4Comments
tobihagemann picture tobihagemann  路  4Comments
Buena-Vista picture Buena-Vista  路  5Comments
Turako picture Turako  路  3Comments
TheZoker picture TheZoker  路  4Comments