Java: InvalidAlgorithmParameterException Prime size must be multiple of 64

I didn't have the benefit of switching to Ganymed, so I installed the "Bouncy Castle" libraries to replace the security on the JVM. For some reason the Java 8 JVM still does not allow for security keys to be larger than 1024 in length.

  1. Download the jar files from https://www.bouncycastle.org/latest_releases.html (look for jar files that start with 'bcprov-jdk')

  2. Place the jar files under $JAVA_HOME/jre/lib/ext

  3. Edit the java.security file located in $JAVA_HOME/jre/lib/security
  4. Scroll down past the middle of the file and you will find a numbered list of security providers (around 9 or 8). Place a comment for the line of the second provider (with a #)
  5. Replace the commented line with this:

    security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider

  6. Restart what you must, and try again.

I'm baffled as to why we need to hack the JDK this way. It doesn't inspire a lot of confidence in anybody I mentioned it to at work. But since there is poor documentation (or education) on anything relating to security, we are treating it as a 'temporary' fix.


I was getting the same error with JGit's use of JSch. I tried a lot of suggestions in this thread to no avail.

But then recently, I noticed that if I used a slightly newer jre than I used before, the error went away.

Just for the record, I was using "jsch-0.1.55.jar" and the two JREs I tried were:

  • JRE 1.7.0_80 (experienced the exception)
  • JRE 1.8.0_191 (made the problem go away)

I can't say for sure whether it was merely the JRE upgrade that resolved the problem or the suggested tweaks from this thread that I made in addition.

All the same, just wanted to share the experience in case it helps someone else.


I tried using a 2048-bit key that I generated on a server, but I am still receiving that error. The solution that I found is to use a different SSH library, and the one that works is Ganymed SSH-2, instead of JSch. Thank you for all the suggestions and comments.

Edited: In addition, this library is also lightweight, ~1MB.


I solved a similar problem on Oracle Java 8 by switching to the BouncyCastle provider for SSL/TLS:

  1. Added bouncycastle to my project

    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-jdk15on</artifactId>
        <version>1.54</version>
    </dependency>
    
  2. Before I do any SSL stuff, I add the BouncyCastle provider as 1st provider to the list:

    Security.insertProviderAt(new BouncyCastleProvider(),1);
    

This works with most stuff that uses Sun's SSLSocketFactory, so it might also work with JSch.
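
Added example, not part of any answer above: a small probe to run on the affected JVM, so you can see the effective provider order and which Diffie-Hellman prime sizes are accepted before and after a JRE upgrade or a provider change. The class name, the sample sizes and the placeholder modulus are assumptions made for illustration; the probe assumes the provider checks only the bit length of the prime in `initialize()`.

```java
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.spec.DHParameterSpec;

public class DhPrimeSizeProbe {
    // Constructed sample sizes in bits; 1024 is the limit mentioned in the first answer.
    static final int[] SIZES = {1024, 2048, 4096};

    /** Returns null if a provider accepted the prime size, otherwise the rejection message. */
    static String probe(int bits) throws NoSuchAlgorithmException {
        // Placeholder modulus with exactly `bits` bits. It is NOT a prime and must never
        // be used to generate keys; only initialize() is called, to test the size check.
        BigInteger p = BigInteger.ONE.shiftLeft(bits - 1);
        BigInteger g = BigInteger.valueOf(2);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        try {
            kpg.initialize(new DHParameterSpec(p, g));
            return null;
        } catch (InvalidAlgorithmParameterException e) {
            // Same exception type as in the question title.
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));

        // Effective provider order, numbered the same way as in java.security.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("security.provider." + (i + 1) + " = "
                    + providers[i].getClass().getName());
        }

        for (int bits : SIZES) {
            String err = probe(bits);
            System.out.println("DH prime of " + bits + " bits: "
                    + (err == null ? "accepted" : "rejected (" + err + ")"));
        }
    }
}
```

Run it with the same `java` binary and the same `java.security` file as the failing application, otherwise the provider list it prints is not the one JSch sees.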