java.security.InvalidKeyException: Illegal key size or default parameters

做CA认证 生成证书时候出错，后来发现是 秘钥长度太长了，怎么会有这个问题呢，看下面的：

参考网址 ： http://open.eucalyptus.com/forum/illegal-key-size

http://ksgimi.iteye.com/blog/1584716

异常：

EjbcaException_Exception: exception encrypting data - java.security.InvalidKeyException: Illegal key size

分析：

Illegal key size or default parameters是指密钥长度是受限制的，java运行时环境读到的是受限的policy文件。文件位于${java_home}/jre/lib/security 
这种限制是因为美国对软件出口的控制。 

所以下载匹配的jce_policy ,替换jdk安装目录下 jdk1.* \jre\lib\security 中的 local_policy.jar  和 US_export_policy.jar 两个jar包。（不主要）

替换jdk安装目录下 jre* \lib\security 中的 local_policy.jar  和 US_export_policy.jar 两个jar包。（主要）

注 ：* 是版本号

看下文:

I was working on webservice call where my code was breaking in RAD during decrypting the password of keystore. I encountered below error:

Caused by: java.security.InvalidKeyException: Illegal key size or default parameters
    at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
    at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
    at javax.crypto.Cipher.a(DashoA13*..) ~[na:1.6]
    at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]
    at javax.crypto.Cipher.init(DashoA13*..) ~[na:1.6]


There are key size restrictions with the default crypto files local_policy.jar and US_export_policy.jar comes with JDK – which limits it to 128. If your security policy using a key size larger than this – then the above exception is thrown.

For example – if your security policy specifies the algorithmic suite as Basic256 – then the key size to be used is 256.

For the solution of above issue, you need to patch your JDK with Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

For JDK1.5 visit, download the crypto files and copy the two jar files from the extracted jce directory (local_policy.jar and US_export_policy.jar) to $JAVA_HOME/jre/lib/security.

For JDK1.6 visit

If your IDE using it’s own specific JDK then patch that as well with these files to resolve the issue.