All Products
Search

This Product

    Blockchain as a Service:Blockchain as a Service:FAQ

    Document Center

    Blockchain as a Service:Blockchain as a Service:FAQ

    Last Updated:Mar 31, 2026

    This page covers common issues in the current Java SDK version. To look up error codes, see Error code description.

    Note

    If you receive error code SERVICE_TX_WAITING_VERIFY=413 or SERVICE_TX_WAITING_EXECUTE=414 when sending a transaction, call the receipt query API to locate the problem.

    user.key loading failure with an "illegal key size" error

    The default configuration of a specific JDK limits the key length, which prevents the SDK from decrypting user.key on load. The fix is to override that policy at startup.

    Symptom:

    09:49:40.623 [main] ERROR com.github.lyd.msg.provider.DemoSample - unable to read private key,wrong password? errorCode :{MychainSdkErrorCodeEnum{errorCode='30001', errorDesc='sdk invalid private key'}}
09:49:40.626 [main] ERROR com.github.lyd.msg.provider.DemoSample - unable to read encrypted data: 1.2.840.113549.1.12.1.3 not available: Illegal key size or default parameters
Exception in thread "main" com.alipay.mychain.sdk.exceptions.MychainSdkException: unable to read encrypted data: 1.2.840.113549.1.12.1.3 not available: Illegal key size or default parameters

    Solution:

    Add the following code to the beginning of the main function in DemoSample.java:

    String errorString = "Failed to modify key-length permissions";
int newMaxKeyLength;
try {
    if ((newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES")) < 256) {
        // Unlock unlimited key length via reflection
        System.out.println("will modify aes length");
        Class c = Class.forName("javax.crypto.CryptoAllPermissionCollection");
        Constructor con = c.getDeclaredConstructor();
        con.setAccessible(true);
        Object allPermissionCollection = con.newInstance();
        Field f = c.getDeclaredField("all_allowed");
        f.setAccessible(true);
        f.setBoolean(allPermissionCollection, true);
        c = Class.forName("javax.crypto.CryptoPermissions");
        con = c.getDeclaredConstructor();
        con.setAccessible(true);
        Object allPermissions = con.newInstance();
        f = c.getDeclaredField("perms");
        f.setAccessible(true);
        ((Map) f.get(allPermissions)).put("*", allPermissionCollection);
        // Remove the final modifier on JceSecurityManager.defaultPolicy and replace it
        c = Class.forName("javax.crypto.JceSecurityManager");
        f = c.getDeclaredField("defaultPolicy");
        f.setAccessible(true);
        Field mf = Field.class.getDeclaredField("modifiers");
        mf.setAccessible(true);
        mf.setInt(f, f.getModifiers() & ~Modifier.FINAL);
        f.set(null, allPermissions);
        newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES");
    }
} catch (Exception e) {
    throw new RuntimeException(errorString, e);
}
if (newMaxKeyLength < 256) {
    throw new RuntimeException(errorString);
}

    This code checks whether the JVM allows AES keys of 256 bits or longer. If not, it uses reflection to replace JceSecurityManager.defaultPolicy with an unrestricted permissions set, raising the effective key length limit. If the limit still cannot be raised after the replacement, startup fails with "Failed to modify key-length permissions".