Solved JCE Unlimited Strength files

Discussion in 'Spigot Plugin Development' started by ramidzk, Apr 22, 2017.

Thread Status:
Not open for further replies.
  1. I'm making my very own cracked player auth plugin so I had a great idea on how to 'store' password.

    I make a key by SHA256ing the password to get a 256-bit key and using some SecretKeySpi stuff.
    Then I encrypt a 311 long String and keep that in a final variable. I keep the IV (Initial Vectors) also in a final variable
    When I need to check, I try to decrypt the encrypted text with the given passphrase key (again SHA256 and SecretKeySpi). If I can decrypt it and the decrypted text is equal to my 311 long String I return true, otherwise false.

    My problem:

    I was trying to make the keys 256 bits with AES (Asymmetrical encryption wouldn't make much sense here). I tried to make the key but I would always get and Exception of something like InvalidKeyException. So I thought I would use BouncyCastle. Add add their provider and put

    Code (Text):
    // OLD
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
    // NEW
    Cipher newCipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
    // I would have registered BC in Security with a static thing like
    static {
        Security.addProvider(new BouncyCastleProvider());
    But still, I would get the same error message but from a class from org.bouncycastle
    Then, I discovered something by the name of
    Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy (It was that big when I copied it from here so I made it bold)

    So I download the files and I put it in C:\Program Files\Java\jre1.8.0_121\lib\security and then I STILL get the same error Exception. Any help?
  2. Why are you even encrypting it? Just hashing should be plenty.
    • Agree Agree x 1
  3. Oh xD I'm SHA256 using it for keys when I could use it to just hash the passwords. Anyway I got it working I had to put the files also in my JDK's JRE instance (who knew?)
Thread Status:
Not open for further replies.