Does every Android phone support SHA-256

Asked 12/4, 2012 at 18:11 Answered 19/4, 2019 at 12:33

So reading this post: How can I calculate the SHA-256 hash of a string in Android?

and the docs: http://developer.android.com/reference/java/security/MessageDigest.html

I'm curious; which phones will support SHA-256? In the docs, the line about the 'NoSuchAlgorithmException' makes me think that some phones don't support all algorithms. Before I go implementing this for an app and expecting it to work the same on all phones I want to know if anyone knows anything about this...?

I find it strange that the MessageDigest class doesn't have some constants to pick the algorithm you want to use.

Cobber answered 12/4, 2012 at 18:11 Comment(1)

+1 Good question. I agree completely that there should be constants. – Technics 12/4, 2012 at 18:24

All Android devices support SHA-256. The NoSuchAlgorithmException indicates that a requested algorithm could not be found and is necessary because the method takes a String argument for the algorithm name. If you passed in "foo-256", the method's only recourse is to throw a NoSuchAlgorithmException because, for reasons beyond my understanding, there's no algorithm called "foo-256". Assuming you're passing in a name you're sure is an algorithm that Android can use, you'll never see that exception.

Technics answered 12/4, 2012 at 18:21 Comment(3)

While I mostly agree, you can't be 100% sure that all devices support SHA-256. However unlikely, someone might decide to save a few bytes and take it out. Especially since, unless device have the Market/Play app, there is no clear definition on what 'Android' has to support. You can always list supported algorithms/mechanisms with something like this if you need to be sure: #3683802 – Paschal 13/4, 2012 at 2:27

Well: 1. Android has never used the JDK: both the core libraries (some derived from Apache Harmony) and the JVM (Dalvik) are its own. 2. MessageDigest is just a JCE interface, to be able to use SHA-256, MD5 or whatever, there needs to be a Provider that implements those algorithms. Android's JCE provider is derived from BouncyCastle and is known to be quite stripped, especially on earlier Android versions. Manufacturers do customize both the framework, sometimes quite aggressively. That could include the system JCE provider as well. – Paschal 13/4, 2012 at 15:28

You are actually missing the point: interface != implementation. – Paschal 16/4, 2012 at 13:27

Add NoSuchAlgorithmException as below:

public static String SHA256 (String text) throws NoSuchAlgorithmException {

    MessageDigest md = MessageDigest.getInstance("SHA-256");

    md.update(text.getBytes());
    byte[] digest = md.digest();

    return Base64.encodeToString(digest, Base64.DEFAULT);
}

Kehoe answered 18/9, 2013 at 18:17 Comment(0)

According to the Android Documentations for MessageDigest, SHA-256 is supported since API 1.

Dysteleology answered 19/4, 2019 at 12:33 Comment(0)

SHA-256withRSA is NOT supported in older android versions (verified the same in Android 4.0.3, 4.1.1). I have experienced this problem while using JSCEP. The digest algorithm returned by SCEP server is SHA-256. But SHA-256withRSA is not present in any default SecurityProviders in those android versions. Found a relevant link: Which versions of Android support which package signing algorithms?

This link shows that SHA-256withRSA was added later: https://android-review.googlesource.com/44360

Extort answered 4/11, 2014 at 17:24 Comment(0)

Recommended topics

Hot tags