Q: I am trying to work with AES 256 encryption and Qoppa’s Java PDF library is giving the following error: com.qoppa.pdf.PDFException: Illegal key size.A: All our libraries can work with PDF documents and AES 256 encryption – to encrypt or decrypt PDF documents depending on which library you’re using – but they require an extension to Java (in the form of 2 new policy files) called the Java Cryptography Extension.

It’s simple to install this extension on Windows and Linux machines:

1. Download the Java Cryptography Extension (JCE) from Oracle. It’s a zip file containing 3 or 4 files.

JCE for Java 8
JCE for Java 7
JCE for Java 6

2. Extract the content of the zip file to a folder.

3. Copy the files called local_policy.jar and US_export_policy.jar to the following folder  $JAVA_HOME/jre/lib/security/ where $JAVA_HOME is the location of your JDK/JRE. They will overwrite the 2 existing files with the same name in this directory.

Note that there are import control restrictions for JCE files in some countries whose governments mandate cryptographic restrictions. Restricted countries include but may not be limited to: Afghanistan, Cuba, Iran, Iraq, Libya, North Korea, Serbia/Montenegro (Yugoslavia), Sudan, Syria and parties listed on the Denied and Restricted Parties List.

In version 2013R2, we implemented the new AES 256 algorithm (R=6) as defined in the latest PDF specifications (PDF 2.0). The new algorithm is compatible with Acrobat X and later. The new algorithm is used when applying new signatures but the “old” algorithm (R=5) is still verified in existing signatures for backward compatibility with Adobe Acrobat 9.