How do I resolve a Prime Size error (java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 2048(inclusive) within an SFTP resource?
GoAnywhere is dependent upon the ability of the Security Provider used to generate Diffie-Hellman keypairs during the key exchange. Depending upon the key exchange algorithm used, the server may require a key size larger than the default Java Security Provider can support.
The exception can be resolved using any one of the following options:
Disable the key exchange algorithm that is negotiating a key size larger than the supported maximum (in GoAnywhere MFT version 5.2.4 or higher)
Specify a BouncyCastle parameter in the GoAnywhere config file (see below) to use the BouncyCastle provider for Diffie-Hellman key pair generation, which supports up to 8192 bit key sizes (version 5.2.4 or higher required)
Enable FIPS mode, which supports up to 8192 bit key sizes (any version of GoAnywhere) - This solution implements the JSafeJCE provider and will affect other encryption settings beyond SFTP. Be sure to understand the impacts of enabling FIPS by reading the documentation included in GoAnywhere.
Diffie-Hellman Key Exchange Algorithms
DH Key Exchange Algorithm DH Key Size
diffie-hellman-group-exchange-sha1 Negotiated between 1024 and 8192
diffie-hellman-group-exchange-sha256 Negotiated between 1024 and 8192
Security Provider Max Diffie-Hellman Key Sizes
Security Provider Max DH Key Size
Default SunJCE (Oracle Java 1.7) 1024
Default SunJCE (Oracle Java 1.8) 2048
JSafeJCE (FIPS certified provider) 8192
BouncyCastle Parameter ***Version GAMFT 5.2.4 or higher Required***
Add the following line to the [INSTALL_DIR]/config/system.properties and restart (stop then start) GoAnywhere MFT.