PROBLEM DESCRIPTION


Metadata crawl for a DB source fails with the below exception in the job log.


18/11/20 09:40:27 ERROR aes.AES256: Exception: Invalid key error
18/11/20 09:40:27 ERROR aes.AES256: java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1026) at javax.crypto.Cipher.init(Cipher.java:1245)
at javax.crypto.Cipher.init(Cipher.java:1186) at infoworks.tools.security.aes.AES256.decryptData(AES256.java:108)
at infoworks.tools.security.aes.EncryptionUtil.decryptPassword(EncryptionUtil.java:17)
at infoworks.tools.security.aes.EncryptionUtil.getMetadbPassword(EncryptionUtil.java:25)


ROOT CAUSE


The issue occurs when the correct Java Cryptography Extension (JCE) files are not present in your /java/jre/lib/security directory that Infoworks uses.


SOLUTION


The "java.security.InvalidKeyException:illegal Key Size" error message usually pops up when we try to invoke web services in a secured manner and your JVM is not provisioned for Java unlimited security jurisdiction.


For 128 bit key encryption you do not need Unlimited Strength Java Cryptography Extension jars. Default ones should work just fine.


But to use 256-bit keys with AES we need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. Infoworks uses 256-bit keys with AES.


a) Download the Unlimited strength JCE files for java 8 from the location https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html and replace the existing files with the files downloaded.

b) Run the Metadata crawl job again.


Note: Make sure that the above jars are placed in the java/jre/lib/security directory that Infoworks uses. Check the JAVA_HOME set in $IW_HOME/bin/env.sh file for the java installation path.