java.security.InvalidKeyException: Illegal key size or default parameters
will be reported. In this case, we need to supplement Oracle's JCE unlimited strength jurisdiction policy files and deploy them in the JRE environment. Please download the corresponding files according to the JDK version used, and decompress and save them in the jre/lib/security
directory under JAVA_HOME
.// Initialize user authentication information (`secretId` and `secretKey`).// Log in to the [CAM console](https://console.tencentcloud.com/cam/capi) to view and manage the `SecretId` and `SecretKey` of your project.String secretId = System.getenv("secretId"); // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.String secretKey = System.getenv("secretKey"); // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.COSCredentials cred = new BasicCOSCredentials(secretId, secretKey);// Set the COS region. For regions and their abbreviations, visit https://www.tencentcloud.com/zh/document/product/436/6224.ClientConfig clientConfig = new ClientConfig(new Region("COS_REGION"));// You are advised to initiate requests over HTTPS to avoid decryption failure caused by altered request headers.clientConfig.setHttpProtocol(HttpProtocol.https);// CMK of the KMS serviceString cmk = "XXXXXXX";//// The region needs to be configured separately if the KMS region is different from the region of the COS bucket.//String kmsRegion = "XXXXX";// Initiate KMS encryption materials.KMSEncryptionMaterials encryptionMaterials = new KMSEncryptionMaterials(cmk);// Use the AES/GCM mode and store the encrypted information in the file metadata.CryptoConfiguration cryptoConf = new CryptoConfiguration(CryptoMode.AuthenticatedEncryption).withStorageMode(CryptoStorageMode.ObjectMetadata);//// Specify the KMS region in the encryption configuration if it is different from the region of the COS bucket.//cryptoConf.setKmsRegion(kmsRegion);//// You can configure a description for the KMS CMK if needed.// encryptionMaterials.addDescription("yourDescKey", "yourDescValue");// Generate an encryption client (EncryptionClient), more specifically COSEncryptionClient. It is a subclass of COSClient, and allows for the use of all APIs supported by COSClient.// COSEncryptionClient overwrites the COSClient for upload and download logic, and additionally performs encryption. The other operations, however, use the same logic as that of the COSClient.COSEncryptionClient cosEncryptionClient =new COSEncryptionClient(new COSStaticCredentialsProvider(cred),new KMSEncryptionMaterialsProvider(encryptionMaterials), clientConfig,cryptoConf);// Upload the file// Here is an example of PUT Object. For the advanced upload API, all you need to do is pass in the COSEncryptionClient object when generating TransferManager.String bucketName = "examplebucket-1250000000";String key = "exampleobject";File localFile = new File("localFilePath");PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, key, localFile);cosEncryptionClient.putObject(putObjectRequest);cosEncryptionClient.shutdown();
// Initialize user authentication information (`secretId` and `secretKey`).// Log in to the [CAM console](https://console.tencentcloud.com/cam/capi) to view and manage the `SecretId` and `SecretKey` of your project.String secretId = System.getenv("secretId"); // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.String secretKey = System.getenv("secretKey"); // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.COSCredentials cred = new BasicCOSCredentials(secretId, secretKey);// Set the COS region. For regions and their abbreviations, visit https://www.tencentcloud.com/zh/document/product/436/6224.ClientConfig clientConfig = new ClientConfig(new Region("COS_REGION"));// Generate a symmetric key to save as file metadata.KeyGenerator symKeyGenerator = KeyGenerator.getInstance("AES");symKeyGenerator.init(256);SecretKey symKey = symKeyGenerator.generateKey();EncryptionMaterials encryptionMaterials = new EncryptionMaterials(symKey);// Use AES/GCM mode and store the encrypted information in the file metadata.CryptoConfiguration cryptoConf = new CryptoConfiguration(CryptoMode.AuthenticatedEncryption).withStorageMode(CryptoStorageMode.ObjectMetadata);// Generate an encryption client (EncryptionClient), more specifically, COSEncryptionClient. It is a subclass of COSClient, and allows for the use of all APIs supported by COSClient.// COSEncryptionClient overwrites the COSClient for upload and download logic, and additionally performs encryption. The other operations, however, use the same logic as that of the COSClient.COSEncryptionClient cosEncryptionClient =new COSEncryptionClient(new COSStaticCredentialsProvider(cred),new StaticEncryptionMaterialsProvider(encryptionMaterials), clientConfig,cryptoConf);// Upload the file// Here is an example of PUT Object. For the advanced upload API, all you need to do is pass in the COSEncryptionClient object when generating TransferManager.String bucketName = "examplebucket-1250000000";String key = "exampleobject";File localFile = new File(localFilePath);PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, key, localFile);cosEncryptionClient.putObject(putObjectRequest);cosEncryptionClient.shutdown();
// Initialize user authentication information (`secretId` and `secretKey`).// Log in to the [CAM console](https://console.tencentcloud.com/cam/capi) to view and manage the `SecretId` and `SecretKey` of your project.String secretId = System.getenv("secretId"); // User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.String secretKey = System.getenv("secretKey"); // User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://www.tencentcloud.com/document/product/598/32675.COSCredentials cred = new BasicCOSCredentials(secretId, secretKey);// Set the COS region. For regions and their abbreviations, visit https://www.tencentcloud.com/document/product/436/6224.ClientConfig clientConfig = new ClientConfig(new Region("COS_REGION"));// Generate an asymmetric key.KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");SecureRandom srand = new SecureRandom();keyGenerator.initialize(1024, srand);KeyPair asymKeyPair = keyGenerator.generateKeyPair();EncryptionMaterials encryptionMaterials = new EncryptionMaterials(asymKeyPair);// Use AES/GCM mode and store the encrypted information in the file metadata.CryptoConfiguration cryptoConf = new CryptoConfiguration(CryptoMode.AuthenticatedEncryption).withStorageMode(CryptoStorageMode.ObjectMetadata);// Generate an encryption client (EncryptionClient), more specifically COSEncryptionClient. It is a subclass of COSClient, and allows for the use of all APIs supported by COSClient.// COSEncryptionClient overwrites the COSClient for upload and download logic, and additionally performs encryption. The other operations, however, use the same logic as that of the COSClient.COSEncryptionClient cosEncryptionClient =new COSEncryptionClient(new COSStaticCredentialsProvider(cred),new StaticEncryptionMaterialsProvider(encryptionMaterials), clientConfig,cryptoConf);// Upload the file// Here is an example of putObject. For advanced API upload, use the COSEncryptionClient object when generating TransferManager.String bucketName = "examplebucket-1250000000";String key = "exampleobject";File localFile = new File(localFilePath);PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, key, localFile);cosEncryptionClient.putObject(putObjectRequest);cosEncryptionClient.shutdown();
Was this page helpful?