Prime Size Error


Post by Support_Philip » Fri Jul 28, 2017 3:27 pm
Question:

How do I resolve a Prime Size error (java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 2048(inclusive)) within an SFTP resource?


Answer:

GoAnywhere depends on the Java Security Provider to generate Diffie-Hellman key pairs during the key exchange. Depending on the key exchange algorithm used, the server may require a key size larger than the default Java Security Provider can support.

The exception can be resolved using any one of the following options:

- Disable the key exchange algorithm that is negotiating a key size larger than the supported maximum (in GoAnywhere MFT version 5.2.4 or higher).
- Specify a BouncyCastle parameter in the GoAnywhere config file (see below) to use the BouncyCastle provider for Diffie-Hellman key pair generation, which supports up to 8192 bit key sizes (version 5.2.4 or higher required).
- Enable FIPS mode, which supports up to 8192 bit key sizes (any version of GoAnywhere). This solution implements the JSafeJCE provider and will affect other encryption settings beyond SFTP. Be sure to understand the impacts of enabling FIPS by reading the documentation included in GoAnywhere.

Diffie-Hellman Key Exchange Algorithms

| DH Key Exchange Algorithm | DH Key Size |
| --- | --- |
| diffie-hellman-group1-sha1 | 1024 |
| diffie-hellman-group14-sha1 | 2048 |
| diffie-hellman-group-exchange-sha1 | Negotiated between 1024 and 8192 |
| diffie-hellman-group-exchange-sha256 | Negotiated between 1024 and 8192 |

Security Provider Max Diffie-Hellman Key Sizes

| Security Provider | Max DH Key Size |
| --- | --- |
| Default SunJCE (Oracle Java 1.7) | 1024 |
| Default SunJCE (Oracle Java 1.8) | 2048 |
| JSafeJCE (FIPS certified provider) | 8192 |
| BouncyCastle | 8192 |

BouncyCastle Parameter (GoAnywhere MFT version 5.2.4 or higher required)

Add the following line to [INSTALL_DIR]/config/system.properties, then restart (stop then start) GoAnywhere MFT:

com.linoma.sftp.client.kexProvider.BC=true

Philip Horn
Senior Support Analyst
p. 1-800-949-4696
w. GoAnywhere.com | HelpSystems.com
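
To check the provider limits in the table above on a given JRE, the following added example (not GoAnywhere or HelpSystems code; the class name DhPrimeSizeProbe is hypothetical) asks each registered JCE provider which Diffie-Hellman prime sizes its key pair generator accepts. It only sees providers registered in the JVM it runs in, so run it with the same Java runtime the SFTP client uses.

```java
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.spec.DHParameterSpec;

public class DhPrimeSizeProbe {
    // Sizes from the tables above plus common group-exchange sizes in between.
    static final int[] SIZES = {1024, 2048, 3072, 4096, 6144, 8192};

    /** True if the provider's DH KeyPairGenerator accepts a modulus of this bit length. */
    static boolean accepts(Provider provider, int bits) throws NoSuchAlgorithmException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", provider);
        // Constructed placeholder modulus: odd, exactly `bits` long, not a real prime.
        // The SunJCE size check looks at the bit length; no key pair is generated.
        BigInteger p = BigInteger.ONE.shiftLeft(bits - 1).setBit(0);
        try {
            kpg.initialize(new DHParameterSpec(p, BigInteger.valueOf(2)));
            return true;
        } catch (InvalidAlgorithmParameterException | IllegalArgumentException e) {
            // SunJCE raises the "Prime size must be multiple of 64..." error here.
            // A provider that validates primality would also land here.
            return false;
        }
    }

    /** Largest probed size the provider accepts, or 0 if none. */
    static int maxAccepted(Provider provider) throws NoSuchAlgorithmException {
        int max = 0;
        for (int bits : SIZES) {
            if (accepts(provider, bits)) max = bits;
        }
        return max;
    }

    public static void main(String[] args) {
        System.out.println("Java " + System.getProperty("java.version"));
        for (Provider provider : Security.getProviders()) {
            try {
                System.out.printf("%-12s max DH prime accepted: %d bits%n",
                        provider.getName(), maxAccepted(provider));
            } catch (NoSuchAlgorithmException e) {
                // Provider has no DH KeyPairGenerator; skip it.
            }
        }
    }
}
```

If the reported maximum is below the size a server negotiates for the group-exchange algorithms, the connection will hit the Prime Size exception unless one of the three options above is applied.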