diff --git a/lib/src/main/java/io/ably/lib/util/Crypto.java b/lib/src/main/java/io/ably/lib/util/Crypto.java
index c7c8f8755..c44de568b 100644
--- a/lib/src/main/java/io/ably/lib/util/Crypto.java
+++ b/lib/src/main/java/io/ably/lib/util/Crypto.java
@@ -20,7 +20,7 @@
 /**
 * Utility classes and interfaces for message payload encryption.
 *
- * This class supports AES/CBC/PKCS5 with a default key length of 128 bits
+ * This class supports AES/CBC/PKCS5 with a default key length of 256 bits
 * but supporting other key lengths. Other algorithms and chaining modes are
 * not supported directly, but supportable by extending/implementing the base
 * classes and interfaces here.
@@ -37,7 +37,7 @@ public class Crypto {
 public static final String DEFAULT_ALGORITHM = "aes";
- public static final int DEFAULT_KEYLENGTH = 128; // bits
+ public static final int DEFAULT_KEYLENGTH = is256BitsSupported() ? 256 : 128; // bits
 public static final int DEFAULT_BLOCKLENGTH = 16; // bytes
 /**
@@ -289,6 +289,19 @@ private static final int getPaddedLength(int plaintextLength) {
 };
 }
+ /**
+ * Determine whether or not 256-bit AES is supported. (If this determines that
+ * it is not supported, install the JCE unlimited strength JCE extensions).
+ * @return
+ */
+ private static boolean is256BitsSupported() {
+ try {
+ return Cipher.getMaxAllowedKeyLength(DEFAULT_ALGORITHM) >= 256;
+ } catch (NoSuchAlgorithmException e) {
+ return false;
+ }
+ }
+
 /**
 * The default system SecureRandom
 */
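Review bot: The class Javadoc in the first hunk now states a 256-bit default unconditionally, but the `DEFAULT_KEYLENGTH` change later in this diff falls back to 128 bits whenever `is256BitsSupported()` returns false. A reader relying on this comment would assume 256-bit keys on every JVM. I would word the line as `* This class supports AES/CBC/PKCS5 with a default key length of 256 bits (128 bits where the JRE policy does not permit 256-bit AES)`. The Javadoc block continues outside the hunk.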
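Review bot: `DEFAULT_KEYLENGTH` in the second hunk is now computed at class initialisation, so it stops being a compile-time constant and its value can differ between JVMs with no signal to the caller. Code compiled against the earlier version will presumably keep the inlined 128 until it is rebuilt, and a deployment that requires 256-bit keys cannot tell from the API that it received 128. At minimum, document this on the field, e.g. `// bits; 256 when the JRE policy allows it, otherwise 128 (resolved once at class load)`. How the default is consumed when keys are generated is outside the hunk, so callers that must have 256 bits should check the key length explicitly.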
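Review bot: `is256BitsSupported()` in the third hunk turns both a restricted policy and a `NoSuchAlgorithmException` into a silent `false`, so the fallback to 128-bit keys leaves no trace at runtime. Consider emitting a warning through the library's logger on the fallback path, so operators can see that the unlimited-strength policy is missing. The Javadoc also has an empty `@return` and repeats "JCE". I would write `@return true if the JRE policy permits AES keys of at least 256 bits` and change the parenthesis to "install the JCE unlimited strength policy files".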