How to include the Spongy Castle JAR in Android?
These are two very simple examples of how to include Spongy Castle in a project:
- github.com/rtyley/spongycastle-eclipse - Eclipse
- github.com/rtyley/toy-android-ssh-agent - Maven
Since v1.47, Spongy Castle has been split into separate sub-jars that exactly mirror the matching Bouncy Castle artifacts (eg sc-light-jdk15on.jar
, scpg-jdk15on.jar
, etc), and it is important to ensure you include all the Spongy Castle jars required for what you're doing.
Full information on dependencies can be found at:
http://rtyley.github.com/spongycastle/#downloads
At minimum you'll need the sc-light-jdk15on.jar
(the base lightweight-API implementation) and probably scprov-jdk15on.jar
(the JCE wrapper around the lightweight-API). If you're using Maven then all this dependency-management stuff is taken care of for you.
The problematic dependencies you describe on javax.mail
, javax.activation
, etc, indicate that you might have chosen an incorrect jar (e.g. the every-single-library-component one, rather than the 'core provider' one) - as the scprov-jdk15on
jar definitely doesn't have any of those weird dependencies, and runs happily on Android.
(disclaimer, I'm the maintainer of Spongy Castle, but I've had plenty of success reports from other users too!)
Spongycastle provider not working on Android
If you use Eclipse, I recommended you download this example and compile it. Based on the example, "SC" is not a KeyStore
.
If you need another example, there is a good tutorial here (ECDH - Elliptic Curve Diffie Hellman on Android).
Android Spongy Castle Gradle dependencies
Both pg
and pkix
depend on prov
which depends core
, so this should be sufficient to add all four jars to your project.
compile 'com.madgag.spongycastle:bcpkix-jdk15on:<version>'
compile 'com.madgag.spongycastle:bcpg-jdk15on:<version>'
But do you need both pkix and pg? One contains the APIs for PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF and the other contains the OpenPGP APIs. You should only include the one you actually need.
Finally, unless you have a VERY GOOD REASON you should use the latest version of SpongyCastle - not just the version you copy-pasted from another StackOverflow answer. You can find the latest version on Maven Central
How I know if I using Bouncy Castle from jar or the one implemented in Android?
For at least the last several versions Android has fixed the namespace conflict by renaming the bouncycastle classes they use to com.android.**. I'm not exactly sure when this occurred, but looking at the source code repository at https://android.googlesource.com/platform/external/bouncycastle/+refs suggests the change happened starting with Ice Cream Sandwich -- API level 14.
I'm not sure what they did about the string-based provider lookups, e.g. Cipher.getInstance("AES/GCM/PKCS5PADDING", "BC")
. However, every getInstance()
method in the JCE also has a version where you can explicitly specify the Provider class, e.g. Cipher.getInstance("AES/GCM/PKCS5PADDING", new org.bouncycastle.jce.provider.BouncyCastleProvider())
which eliminates any ambiguity.
Add spongycastle as provider to Android Studio
You are missing the Spongy Castle JCE provider JAR.
compile 'com.madgag.spongycastle:prov:1.54.0.0'
Spongy Castle in Android
It maybe too late for this answer, however, here is an example of the implementation:
SpongyCastle should be the same as BountyCastle, just usable in Android.
import java.security.SecureRandom;
import java.security.Security;
public class SHA1PRNG {
//here i swapped out the bountycastle provider and used the spongycatle
static {
Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider());
}
public static void main(String[] args) throws Exception {
SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
rng.setSeed(711);
int numberToGenerate = 999;
byte randNumbers[] = new byte[numberToGenerate];
rng.nextBytes(randNumbers);
for(int j=0; j<numberToGenerate; j++) {
System.out.print(randNumbers[j] + " ");
}
}
}
From:
www.java2s.com/Code/Java/Security/SecureRandomSHA1PRNG.htm
java.util.zip.ZipException with spongycastle LICENSE.class
This is what happens if developers include their dependencies directly. The bad guy here is jumio-mobile-sdk
. This package includes classes of com.madgag.spongycastle
directly, instead of specifying them in a pom as it should be done.
Luckily for you, the other package is set up correctly, so you should be able to exclude spongycastle from it:
compile ('com.worldpay:cse-android-sdk:1.0.2'){
exclude group: 'com.madgag.spongycastle'
}
Now imagine both packages would've included the classes directly. The would've been no other possibility then to manually edit the files. This is why I hate it if someone does what the guys of jumio are doing. If you have the contacts, tell them to prepare their package for dependency systems, so this problem won't arise again.
Related Topics
Xmpp with Java Asmack Library Supporting X-Facebook-Platform
Google Gson Linkedtreemap Class Cast to Myclass
Android App Crashes After Sdk-Tools Update Version (Noclassdeffound, Tool Version 22)
"Hello World" Android App with as Few Files as Possible, No Ide, and Text Editor Only
How to Do an Https Post from Android
Setting Android Images from String Value
Convert Normal Java Array or Arraylist to JSON Array in Android
Click Is Not Working on the Listitem Listview Android
Android Calculate Days Between Two Dates
How to Draw an Arrowhead (In Android)
Eclipse: Jvm Terminated. Exit Code=2
How to Adjust Microphone Sensitivity While Recording Audio in Android
How to Close Another App in Android