Skip to main content
Question

Java SDK JWT authentication

  • May 22, 2025
  • 2 replies
  • 13 views
C
Forum|alt.badge.img

Hey,

 

I'm using the java SDK with the maven dependency 2.8.1.

I generated a public/private key pair using the Box platform, and stored the json config file in my project.

Following the tutorial I try to authenticate with this code:

 

// Open a reader to read and dispose of the automatically created Box configuration file.
try(Reader reader = new FileReader("../config/testBoxConfig.json")) {
    // Initialize the SDK with the Box configuration file and create a client that uses the Service Account.
    BoxConfig boxConfig = BoxConfig.readFrom(reader);
    BoxDeveloperEditionAPIConnection serviceAccountClient = BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(boxConfig);
} catch (....

I debugged the code to make sure that the boxConfig object really contains all the keys form the json.

 

When the application tries to call the method

getAppEnterpriseConnection(boxConfig)

I get following exception:

Exception in thread "main" com.box.sdk.BoxAPIException: Error parsing PKCS private key for Box Developer Edition.
	at com.box.sdk.BoxDeveloperEditionAPIConnection.decryptPrivateKey(BoxDeveloperEditionAPIConnection.java:467)
	at com.box.sdk.BoxDeveloperEditionAPIConnection.constructJWTAssertion(BoxDeveloperEditionAPIConnection.java:405)
	at com.box.sdk.BoxDeveloperEditionAPIConnection.authenticate(BoxDeveloperEditionAPIConnection.java:315)
	at com.box.sdk.BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(BoxDeveloperEditionAPIConnection.java:174)
	at com.box.sdk.BoxDeveloperEditionAPIConnection.getAppEnterpriseConnection(BoxDeveloperEditionAPIConnection.java:206)
...
Caused by: org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: 1.2.***number removed for privacy***.1.5.13 not available: Illegal key size
	at org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(Unknown Source)
	at com.box.sdk.BoxDeveloperEditionAPIConnection.decryptPrivateKey(BoxDeveloperEditionAPIConnection.java:456)
	... 10 more
Caused by: org.bouncycastle.operator.OperatorCreationException: 1.2.***number removed for privacy***.1.5.13 not available: Illegal key size
	at org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder$1.get(Unknown Source)
	... 12 more
Caused by: java.security.InvalidKeyException: Illegal key size
	at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
	at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1060)
	at javax.crypto.Cipher.init(Cipher.java:1536)
	at javax.crypto.Cipher.init(Cipher.java:1470)
	... 13 more

Is this a bug? When check the keys on the boxConfig all of them (except the private key of course) show the same values as in the Box platform on the browser. Is the version of the maven dependency wrong? Maybe the code of the tutorial does not work with that version?

    2 replies

    C
    Forum|alt.badge.img

    In the web I found a hack to get around this problem.

     

            // hack for JCE Unlimited Strength
        Field field = Class.forName("javax.crypto.JceSecurity").getDeclaredField("isRestricted");
        field.setAccessible(true);

        Field modifiersField = Field.class.getDeclaredField("modifiers");
        modifiersField.setAccessible(true);
        modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL);

        field.set(null, false);
    C
    Forum|alt.badge.img

    Thanks  for following up and posting the solution for others to see! Greatly appreciated!

    Terms & ConditionsCookie settingsAccessibility statement