Using Bouncy Castle with an Android app

by fba » Sat, 28 Aug 2010 06:55:39 GMT


Sponsored Links
 Has anyone managed to use Bouncy Castle in one of their apps?   I need
to be able to do detailed manipulations of x509 certificates (generate
CSRs, generate key pairs, convert between different certificate
formats, etc.), and BC seems the best way to do that.

I have tried putting the bcprov library in to my project, and then
just using BC like I normally would.   When the app is installed, a
large number of "DexOpt: not verifying"... messages pop up.  I suspect
this is because BC is already used in Android.  However, when I make
calls to certain methods in certain classes, I get errors like this :

java.lang.ClassCastException: org.bouncycastle.asn1.DERSequence


I suspect this is because of ambiguity between the classes that are
included in the OS, and the ones in my project.

Is there any way to get around this?  Maybe tell my program to use the
BC library that is included with it and ignore the one included in the
OS?

Or, could I get around this by making sure that I am using the same
version that is included in the OS?   (Or, in a nutshell, is the
ClassCastException likely to be a problem because the parameters
defined for the same method names don't match?)

Thanks for any help!

--



Using Bouncy Castle with an Android app

by Frank Weiss » Sat, 28 Aug 2010 07:17:17 GMT


 I suppose you might try asking the folks at BouncyCastle to provide an
Andorid/Dalvik/Harmony version or become a committer on that project.
(Damnit! I'm starting to see some merit to the Oracle vs
Google/Android lawsuit)

--


Sponsored Links


Using Bouncy Castle with an Android app

by Fabrizio Giudici » Sat, 28 Aug 2010 07:29:08 GMT


 -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



I don't fully understand what's happening to you because more details
are needed, and generally speaking I think that Android would prevent
you from embedding in your app classes which are already present in
the runtime, but your problem seems to definitely fall within this area.

One possible solution (but it's about the symptom, not necessarily the
real cause and thus not necessarily the best solution) is to use a
static bytecode manipulator that renames packages in a jar. I use
Maven and there is the maven-shade-plugin, but I'm sure similar tools
exist for Ant. The basic idea is that if you have L.jar containing
com.acme.MyClass and A.jar referring to it, with the tool you can
directly feed in L.jar and A.jar and achieve L2.jar and A2.jar where
both the original class and its references have been replaced by
something such as foo.bar.com.acme.MyClass. This works for me (not for
BouncyCastle but for other stuff). With this trick, your source files
stay as they are, but the binary code gets fixed before being
converted to dex.

- -- 
Fabrizio Giudici - Java Architect, Project Manager
Tidalwave s.a.s. - "We make Java work. Everywhere."
java.net/blog/fabriziogiudici - www.tidalwave.it/people
fabrizio.giud...@tidalwave.it
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla -  http://enigmail.mozdev.org/ 

iEYEARECAAYFAkx4SjMACgkQeDweFqgUGxfolwCfeStWh31mcmgzcRdjkcbCNA+Y
qOsAn0Twzw2rUyRDwSh5hT2UKyUD/dzK
=zjwJ
-----END PGP SIGNATURE-----

--



Using Bouncy Castle with an Android app

by joebowbeer » Tue, 31 Aug 2010 05:49:20 GMT


 If there's a conflict at runtime then you may not need to include the
BC classes yourself.  Just add BC to your bootclasspath for building.
Seems a bit fragile, though, even if it works...

Can you access the needed functionality via the java.security
framework?

Joe




--



Using Bouncy Castle with an Android app

by joebowbeer » Tue, 31 Aug 2010 06:02:17 GMT


 By the way, bouncycastle is currently in libcore:

 http://android.git.kernel.org/?p=platform/libcore.git ;a=tree;f=security





--



Using Bouncy Castle with an Android app

by joebowbeer » Tue, 31 Aug 2010 09:09:31 GMT


 By the way, the bouncycastle sources are currently in libcore:

 http://android.git.kernel.org/?p=platform/libcore.git ;a=tree;f=security




--



Using Bouncy Castle with an Android app

by Robert Nekic » Tue, 31 Aug 2010 21:46:23 GMT


 I'm using bcprov-jdk16-145 in my app and it works fine.  I also see
the DexOpt messages in logcat and I get some build warnings from it
(Ignoring InnerClasses attribute for an anonymous inner class that
doesn't come with an associated EnclosingMethod attribute. (This class
was probably produced by a broken compiler.)

Regardless, it ultimately builds and appears to work properly.  I'm
using it for some x509 stuff but I haven't encountered any
ClassCastExceptions.

I'd love to remove it if this stuff is actually available in Android
somewhere since the jar adds quite a lot of bulk to my app.






--



Using Bouncy Castle with an Android app

by fba » Wed, 01 Sep 2010 05:49:25 GMT


 (Robert Nekic) Have you tried to generate a CSR with BC in your app?
I seem to be able to do a lot of different certificate related things,
but hit the ClassCastException when I try to generate a CSR.

The other route I have looked at is CoDec, but the license listed on
SourceForge doesn't match the license in the code.   I have contacted
the developers who have said they will get back to me, but I am
looking for a mitigation route if the license doesn't pan out how I
would hope.

Does anyone know of any other libraries that would work for
certificate manipulation?   The java.security.cert classes don't have
any obvious way to generate a CSR, so I am not sure that will work.
Also, I don't need to be able to actually generate SSL sessions using
the certificates, since they are fed in to another program that
handles all of that.  I just need to be able to work with the
certificates.





--



Other Threads

1. Regarding accessing a Content Provider from standalone base class

Hi All,
         I have a Service which creates a SQLite database and stores
some information. I hav exposed a Content provider to access the DB
for others. Now i want to access the content provider from a
standalone base class in android open source say Camera class in
Camera.java.
Please let me know how to go about it.

Thanks and Regards,
Alhad

-- 

2. Tabs

I want to display the footer text to the tabs and i want to create
tabs with images .

please help me i am the android beginer.

Thanks.

--~--~---------~--~----~------------~-------~--~----~

3. Reference an integer resource for Android manifest versionCode

4. front-facing camera access for htc thunderbolt and incredible 2?

5. Audio streaming

6. ClientLogin vulnerability

7. Connection between Android phone and python server suggestion