I have the same problem too. The system was complaining that the Java virtual machine does not have the unlimited JCE policy, but I do have the policy installed.
Any clue?
MakkaPakka wrote:
I'm trying to use Jasypt with Bouncy Castle AES and want to clarify what size password I should/can use.
I've looked at StandardPBEByteEncryptor and it does PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password.toCharArray()), so I would assume I can use any length password.
However, anything greater than 7 chars doesn't work.
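Here's the tester code:

    import java.security.Security;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
    import org.jasypt.exceptions.EncryptionOperationNotPossibleException;

    // Tries passwords of growing length ("0", "01", "012", ...) and prints the ones that work.
    private static final void determinePasswordLength() {
        Security.addProvider(new BouncyCastleProvider());
        final StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 1000; ++i) {
            sb.append(i);
            // A fresh encryptor per attempt: the password cannot be changed after first use.
            final StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
            encryptor.setAlgorithm("PBEWITHSHA256AND128BITAES-CBC-BC");
            encryptor.setPassword(sb.toString());
            try {
                encryptor.encrypt("stuff");
                System.out.println(sb + " works");
            } catch (final EncryptionOperationNotPossibleException e) {
                // System.out.println(sb + " fails");
            }
        }
    }
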
So I'm guessing there's something I don't understand somewhere. Is it to do with the use of SHA? I've tried SHA and SHA256 and I still get the same result.
More importantly, how secure is this? I would generally expect to be able to use longer passwords so as to increase the entropy.
Thanks for any help you can give.
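
Added example, not part of the posts above and not Jasypt or Bouncy Castle code: a diagnostic that prints which JVM is running, what key length its JCE policy allows, and how long a password fits under that limit. The class name and helper methods are hypothetical. It assumes the password is encoded PKCS#12-style (2 bytes per char plus a 2-byte terminator) and that the policy limit is applied to that encoded length, which matches the 7-character limit reported above under a 128-bit policy.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.crypto.Cipher;

public class JcePolicyCheck {

    // Assumption: PKCS#12-style PBE encodes the password as 2 bytes per char
    // plus a 2-byte terminator, and the policy limit is applied to that length.
    static int pkcs12PasswordBits(String password) {
        return (password.length() + 1) * 2 * 8;
    }

    // Longest password (in chars) whose encoding still fits the policy limit.
    static int maxPasswordChars(int maxAllowedBits) {
        if (maxAllowedBits == Integer.MAX_VALUE) {
            return Integer.MAX_VALUE; // unlimited policy: no cap from the JCE
        }
        return Math.max(0, maxAllowedBits / 16 - 1);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Which JVM is actually running? Policy files are per-installation.
        System.out.println("java.home     = " + System.getProperty("java.home"));
        System.out.println("java.version  = " + System.getProperty("java.version"));
        // Present on Java 8u151 and later; null on older releases.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));

        int maxBits = Cipher.getMaxAllowedKeyLength("AES");
        boolean unlimited = maxBits == Integer.MAX_VALUE;
        System.out.println("max AES key   = " + (unlimited ? "unlimited" : maxBits + " bits"));

        int cap = maxPasswordChars(maxBits);
        System.out.println("max PBE password length under this policy = "
                + (unlimited ? "no JCE cap" : cap + " chars"));

        // Constructed sample passwords, checked against the active policy.
        for (String pw : new String[] {"0123456", "01234567"}) {
            int bits = pkcs12PasswordBits(pw);
            System.out.println(pw.length() + " chars -> " + bits + " bits: "
                    + (bits <= maxBits ? "allowed" : "rejected by policy"));
        }
    }
}
```

Run it with the same java binary and classpath as the application: if it reports 128 bits while the policy files are believed to be installed, they were placed under a different java.home than the one printed.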