java.security.InvalidAlgorithmParameterException: GCM can not be used with class javax.crypto.spec.GCMParameterSpec

Question

I'm Encrypting the data with "AES/GCM/NoPadding" algorithm, before cipher init method I'm getting java.security.InvalidAlgorithmParameterException: GCM can not be used with class javax.crypto.spec.GCMParameterSpec error, is there any specific reason for this??

Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
GCMParameterSpec parameterSpec = new GCMParameterSpec(128, iv);
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
cipher.init(Cipher.ENCRYPT_MODE, keySpec, parameterSpec);

Hi James, the entire stacktrace is "java.security.InvalidAlgorithmParameterException: GCM can not be used with class javax.crypto.spec.GCMParameterSpec" — Surendra Naidu, Jun 19 '20 at 15:09
What version of Java are you using? I think any problems would be reported by the `Cipher.getInstance()` call, but rollout of GCM was staggered a bit between Java 7 and 8. — erickson, Jun 19 '20 at 17:03
Can you perform `cipher.getProvider()` and print that out (before initialization, of course). — Maarten Bodewes, Jun 20 '20 at 00:01
Hi Marteen, on printout of `cipher.getProvider()` I'm getting **IAIK version 5.4** — Surendra Naidu, Jun 20 '20 at 00:51

score 1 · Answer 1 · answered Jun 21 '20 at 11:43

It seems you have to use the IAIK specific "GCMParameterSpec" and not the Java "JCE-own". I assume that your IDE has automatically choose the JCE one because you are using only 2 parameters ("128" and iv).

Regarding the IAIK-Javadocs http://javadoc.iaik.tugraz.at/iaik_jce/old/iaik/security/cipher/GCMParameterSpec.html I can see that there are four constructors but none of the one with 2 parameters needs aadata and nonce:

Constructor and Description

GCMParameterSpec() Creates a GCM Parameter specification with default values.

GCMParameterSpec(byte[] aaData, byte[] nonce) Creates a GCM Parameter specification with the given additional data and nonce.

GCMParameterSpec(byte[] aaData, byte[] nonce, byte[] macBlock) Creates a GCM Parameter specification with the given additional data, nonce and MAC block.

GCMParameterSpec(byte[] aaData, byte[] nonce, int macLen) Creates a GCM Parameter specification with the given additional data, nonce and MAC length.

So I think you could use:

GCMParameterSpec(byte[] aaData, byte[] nonce, int macLen)

and with your data

GCMParameterSpec(null, iv, 128)

score -3 · Answer 2 · answered Jun 19 '20 at 16:55

Try this something like this:

try {
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[16];
        random.nextBytes(salt);
        KeySpec spec = new PBEKeySpec("password".toCharArray(), salt, 65536, 256); // AES-256
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] key = f.generateSecret(spec).getEncoded();
        byte[] iv = "iv".getBytes();

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        GCMParameterSpec parameterSpec = new GCMParameterSpec(128, iv);
        SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
        cipher.init(Cipher.ENCRYPT_MODE, keySpec, parameterSpec);

    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (InvalidAlgorithmParameterException e) {
        e.printStackTrace();
    } catch (NoSuchPaddingException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (InvalidKeySpecException e) {
        e.printStackTrace();
    }

java.security.InvalidAlgorithmParameterException: GCM can not be used with class javax.crypto.spec.GCMParameterSpec

2 Answers2