Cryptography is known as a challenging topic for developers. We studied the StackOverflow posts to identify the problems that developers encounter when using the Java Cryptography Architecture (JCA) for symmetric encryption. We investigated the security risks disseminated in these posts, and we examined whether ChatGPT helps avoid cryptography issues. Our manual inspection of 400 StackOverflow posts revealed that developers frequently struggle with key and initialization vector (IV) generation, as well as padding. Exception messages are often confusing and do not uncover the root causes of problems. Security is a top concern among developers, yet security issues are pervasive in the shared code snippets. An analysis of 13 security rules showed that 82% of the inspected posts contained at least one violation, and in a large-scale study of 3,426 posts we identified 5,305 violations, averaging 1.7 violations per post. The most common issues involved the use of insecure encryption modes and hard-coded keys. We further examined how GPT responds to 100 StackOverflow questions. ChatGPT provided “working” solutions, but in most cases it transferred security violations from the question to its answer. When explicitly prompted to provide a “secure solution,” ChatGPT corrected violations in 42 cases, and with more targeted prompting, additional issues could be cleared. Nevertheless, it continued to adopt weak key generation functions and include CBC in scenarios where it is not secure. In summary, we provided a comprehensive study of Java developer challenges in symmetric encryption, revealed the prevalence of security violations in StackOverflow code, highlighted the potential of ChatGPT in complementing human expertise, and demonstrated that while it can assist in evaluating code security, it does not replace human expertise. Developers should remain alert when using ChatGPT as a programming assistant.