Which JCE provider to use on Android? Bouncy Castle, Conscrypt, ...?
I’m starting the development of an Android App using ECC Cryptography. I have seen that Android embeds some Cryptography (defined here https://developer.android.com/guide/topics/security/cryptography ) but it is limited either in terms of the algorithm parameters supported or concerning the Android API version supported. For example, the “EC” parameter (aka elliptic curve cryptography) is supported by the AlgorithmParameters class only for Android API version 26+ (= Android 8.0 and above), which is very restrictive.

So far, the solution was to use a JCE provider like “Bouncy Castle”. However, I have seen on https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html that it will be deprecated for the future Android P. Android P will use the cryptography features available in Conscrypt (based on boringSSL).

I want my application to work on current Android versions (>= to API 21) and I want it to work on Android P so what JCE provider shall I use?

I have tried to use Conscrypt with a Samsung Galaxy S7 running Android API version 24 (= Android 7.0) but I have a crash when I mount it as the security provider. In my MainActivity.java class, I have used:

static {
    try {
        Security.insertProviderAt(Conscrypt.newProvider(), 1);

    } catch (NoClassDefFoundError e) {
        e.printStackTrace();
    }
}

I get the following crash:

java.lang.UnsatisfiedLinkError: No implementation found for java.lang.String[] org.conscrypt.NativeCrypto.get_cipher_names(java.lang.String) (tried Java_org_conscrypt_NativeCrypto_get_1cipher_1names and Java_org_conscrypt_NativeCrypto_get_1cipher_1names__Ljava_lang_String_2)

Do you know if Conscrypt can be used with current Android API versions?

Thanks

Administrate answered 11/7, 2018 at 8:3 Comment(0)

I have received an answer from the GoogleGroup dedicated to Conscrypt. The Conscrypt documentation was lacking some instructions about how to use it on Android (this is fixed now). On Android, App/build.gradle should contain:

implementation 'org.conscrypt:conscrypt-android:2.5.1' 

I had a "java.lang.UnsatisfiedLinkError" because I was using:

compile 'org.conscrypt:conscrypt-openjdk:1.1.3:'

This is wrong because this line is for OpenJDK.

One more thing: I have been told that Conscrypt on Android works as far back as API level 9 (Gingerbread).

Google GitHub Link: https://github.com/google/conscrypt

Administrate answered 16/7, 2018 at 14:55 Comment(0)
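The provider setup described in this answer, as an added example that is not part of the original post or of the Conscrypt project's code: it installs Conscrypt at top priority, catches the `UnsatisfiedLinkError` from the question (which the original `catch (NoClassDefFoundError e)` block did not cover), and confirms that EC works by running a P-256 ECDSA sign/verify round trip pinned to that provider. The class and method names are hypothetical, and the `org.conscrypt:conscrypt-android` dependency is assumed to be on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import org.conscrypt.Conscrypt;

/** Hypothetical helper (names chosen for this example, not a Conscrypt API). */
public final class CryptoProviders {
    private CryptoProviders() {}

    /** Returns the installed Conscrypt provider, or null if it cannot be loaded. */
    public static Provider installConscrypt() {
        try {
            Provider conscrypt = Conscrypt.newProvider();
            // Position 1 is the highest priority. insertProviderAt returns -1
            // if a provider with the same name is already installed.
            Security.insertProviderAt(conscrypt, 1);
            return Security.getProvider(conscrypt.getName());
        } catch (LinkageError e) {
            // LinkageError covers UnsatisfiedLinkError (native library missing,
            // e.g. the conscrypt-openjdk artifact used on Android) and
            // NoClassDefFoundError (dependency not packaged in the APK).
            // The caller should fail closed instead of using an unknown default.
            return null;
        }
    }

    /** Signs and verifies a constructed message with P-256 ECDSA on one provider. */
    public static boolean ecdsaSelfTest(Provider provider) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider);
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = kpg.generateKeyPair();

        // Constructed sample input, only used to exercise the provider.
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("SHA256withECDSA", provider);
        signer.initSign(pair.getPrivate());
        signer.update(message);
        byte[] signature = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withECDSA", provider);
        verifier.initVerify(pair.getPublic());
        verifier.update(message);
        return verifier.verify(signature);
    }
}
```

Passing the `Provider` object to `getInstance` pins each operation to Conscrypt, so the result does not depend on which providers the device's Android version happens to register first.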

Current Android versions include a shortened version of Bouncycastle and there is no full support for Elliptic Curve Cryptography.

I do not know if Android P is going to support ECC algorithms, but the most practical solution at this time is to distribute your application including the BouncyCastle packages and not depend on the native Android support.

Hispanicize answered 11/7, 2018 at 14:9 Comment(0)

The latest version of the Bouncy Castle libraries can be used in applications targeting above Android 3.0 (API 11) by adding the dependencies below.

    implementation "org.bouncycastle:bcprov-jdk15to18:1.68"
    implementation "org.bouncycastle:bcpkix-jdk15to18:1.68"

Note: Refer to Provider, PKIX to get the latest version details.

Replace the Android OS Bouncy Castle provider with the provider from the added library using the lines below.

// Remove the OS provided bouncy castle provider
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME)
// Add the bouncy castle provider from the added library
Security.addProvider(org.bouncycastle.jce.provider.BouncyCastleProvider())
Ronald answered 18/2, 2021 at 20:39 Comment(0)