Let me be a little more specific. I'm presenting the user with a GUI widget (JSlider, JTextField, whatever) that will allow them to enter the desired keysize. After they enter the keysize, they hit an "Encrypt" button and the program goes off and does something like the following:
// needs: import javax.crypto.*;
int keysize = keySizeWidget.getValue();
KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
kg.init(keysize);
SecretKey sk = kg.generateKey();
Cipher c = Cipher.getInstance("Blowfish");
// The SecurityException for an unsupported keysize is thrown here.
c.init(Cipher.ENCRYPT_MODE, sk);
Now, if the user selects a keysize of 448, but only has the default JRE 1.4 policy files (i.e. they haven't downloaded the unlimited versions), then I get a SecurityException at the call to c.init() reporting an unsupported keysize. However, a long time passes before the exception is thrown, and the user has no feedback when they provide the keysize that the value will be rejected later when they hit the encrypt button.
Is there any means of finding out ahead of time what keysizes a given Cipher object will accept? It would be nice to set up the interface so that they can only select valid keysizes (i.e. set the maximum value of a JSlider to 128 if they don't have the unlimited encryption support).
Any help would be appreciated.
Well, it's me again. :-)
Unfortunately Sun's JCE implementation seems to keep crypto policy separate from the system policy and it is impossible to retrieve it by using security classes. The only way I did find to work around this problem is to parse the policies by hand. There are classes in Sun's JCE 1.2 which can be used for this, but practically they are obfuscated and their names are not CryptoPermission and CryptoAllPermission.
So, you should read /jre/lib/security/local_policy.jar, find and parse the default_local.policy file inside that jar and check if the CryptoPermission entries have any limitations; or, simpler, if there is CryptoAllPermission then there are no limitations.
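The approach described in the reply above, as an added example that is not part of the original posts and not Sun's code: it reads default_local.policy out of a policy jar and returns the largest key size granted for an algorithm, so the slider can be capped before the user hits Encrypt. The class name CryptoPolicyProbe, its method names and the sample policy text are assumptions made for illustration; entries naming an exemption mechanism are ignored, and an algorithm-specific entry is taken to override the wildcard one.

```java
import java.io.*;
import java.util.jar.*;
import java.util.regex.*;

public class CryptoPolicyProbe {
    // Matches  permission javax.crypto.CryptoPermission "DES", 64 ...  and  ... *, 128
    // group(2) = algorithm name (null for the wildcard), group(3) = key size in bits or *
    private static final Pattern PERM = Pattern.compile(
        "permission\\s+javax\\.crypto\\.CryptoPermission\\s+(\"([^\"]+)\"|\\*)\\s*,\\s*(\\d+|\\*)");

    /** Largest key size in bits granted for alg; Integer.MAX_VALUE = no limit, 0 = not granted. */
    static int maxKeySize(String policy, String alg) {
        policy = policy.replaceAll("(?s)/\\*.*?\\*/", "").replaceAll("//[^\\n]*", ""); // drop comments
        if (policy.contains("javax.crypto.CryptoAllPermission")) return Integer.MAX_VALUE;
        int specific = -1, wildcard = 0;
        Matcher m = PERM.matcher(policy);
        while (m.find()) {
            int bits = m.group(3).equals("*") ? Integer.MAX_VALUE : Integer.parseInt(m.group(3));
            if (m.group(2) == null) wildcard = Math.max(wildcard, bits);
            else if (m.group(2).equalsIgnoreCase(alg)) specific = Math.max(specific, bits);
        }
        return specific >= 0 ? specific : wildcard;
    }

    /** Reads one text entry (e.g. default_local.policy) from a policy jar. */
    static String readPolicy(File jar, String entry) throws IOException {
        try (JarFile jf = new JarFile(jar)) {
            JarEntry e = jf.getJarEntry(entry);
            if (e == null) throw new FileNotFoundException(entry + " not found in " + jar);
            try (InputStream in = jf.getInputStream(e)) {
                return new String(in.readAllBytes(), "UTF-8");
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample in the style of a limited-strength policy file.
        String limited = "grant {\n"
            + "  // constructed sample, not copied from a real JRE\n"
            + "  permission javax.crypto.CryptoPermission \"DES\", 64;\n"
            + "  permission javax.crypto.CryptoPermission \"DESede\", *;\n"
            + "  permission javax.crypto.CryptoPermission *, 128;\n"
            + "};\n";
        String policy = args.length > 0 ? readPolicy(new File(args[0]), "default_local.policy") : limited;
        int max = maxKeySize(policy, "Blowfish");
        // Blowfish keys top out at 448 bits, so that is the slider ceiling when the policy is unlimited.
        System.out.println("Blowfish slider maximum: " + Math.min(448, max)); // sample policy: 128
    }
}
```

Pass the path to local_policy.jar as the first argument to check a real installation. On Java 5 and later, `Cipher.getMaxAllowedKeyLength("Blowfish")` returns this limit directly without parsing the policy file.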
Thanks again! I'll give you two more dukes, leaving two available in case anyone else has any other ideas about how to do this.
Sun, are you listening? We need an easy way to query for encryption restrictions, at least until the U.S. government wakes up and realizes that it is pointless to try to regulate this stuff.