Security "Crypto" Provider Deprecated in Android N

Caused by: java.security.NoSuchProviderException: no such provider: Crypto - Android N

Quoting Google:

The “Crypto” security provider has been removed. Any call to the Java Cryptography Extension (JCE) APIs with a Provider listed should only be done if the provider is included in the code of the APK or be able to deal with it’s absence. The reason applications use this provider is to take advantage of its SecureRandom implementation. If your app was relying on setSeed() to derive keys from strings, you should switch to using SecretKeySpec to load raw key bytes directly OR
use a real key derivation function (KDF).

Hence, this is working as intended.

If I change the provider and Algorithm then it will affect user who are all using the app currently.

It appears that you are using that provider only for your random number generation. Hence, switching to a different random number generator, and you follow Google's instructions, this should not affect existing users, if I understand correctly.

And, if I am misunderstanding how you are using Crypto (as I rarely use JCE directly), develop a migration path to upgrade existing users of your app to a different algorithm. Android N should not ship in production form for another couple of months, and even then it will be a slow uptake.

Why java.security.NoSuchProviderException No such provider: BC?

Im not very familiar with the Android sdk, but it seems that the android-sdk comes with the BouncyCastle provider already added to the security.

What you will have to do in the PC environment is just add it manually,

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

if you have access to the policy file, just add an entry like:

security.provider.5=org.bouncycastle.jce.provider.BouncyCastleProvider 

Notice the .5 it is equal to a sequential number of the already added providers.



Related Topics



Leave a reply



Submit