Using Bouncy Castle with an Android app

by fba » Sat, 28 Aug 2010 06:55:39 GMT

Sponsored Links
 Has anyone managed to use Bouncy Castle in one of their apps?   I need
to be able to do detailed manipulations of x509 certificates (generate
CSRs, generate key pairs, convert between different certificate
formats, etc.), and BC seems the best way to do that.

I have tried putting the bcprov library in to my project, and then
just using BC like I normally would.   When the app is installed, a
large number of "DexOpt: not verifying"... messages pop up.  I suspect
this is because BC is already used in Android.  However, when I make
calls to certain methods in certain classes, I get errors like this :

java.lang.ClassCastException: org.bouncycastle.asn1.DERSequence

I suspect this is because of ambiguity between the classes that are
included in the OS, and the ones in my project.

Is there any way to get around this?  Maybe tell my program to use the
BC library that is included with it and ignore the one included in the

Or, could I get around this by making sure that I am using the same
version that is included in the OS?   (Or, in a nutshell, is the
ClassCastException likely to be a problem because the parameters
defined for the same method names don't match?)

Thanks for any help!


Using Bouncy Castle with an Android app

by Frank Weiss » Sat, 28 Aug 2010 07:17:17 GMT

 I suppose you might try asking the folks at BouncyCastle to provide an
Andorid/Dalvik/Harmony version or become a committer on that project.
(Damnit! I'm starting to see some merit to the Oracle vs
Google/Android lawsuit)


Sponsored Links

Using Bouncy Castle with an Android app

by Fabrizio Giudici » Sat, 28 Aug 2010 07:29:08 GMT

Hash: SHA1

I don't fully understand what's happening to you because more details
are needed, and generally speaking I think that Android would prevent
you from embedding in your app classes which are already present in
the runtime, but your problem seems to definitely fall within this area.

One possible solution (but it's about the symptom, not necessarily the
real cause and thus not necessarily the best solution) is to use a
static bytecode manipulator that renames packages in a jar. I use
Maven and there is the maven-shade-plugin, but I'm sure similar tools
exist for Ant. The basic idea is that if you have L.jar containing
com.acme.MyClass and A.jar referring to it, with the tool you can
directly feed in L.jar and A.jar and achieve L2.jar and A2.jar where
both the original class and its references have been replaced by
something such as This works for me (not for
BouncyCastle but for other stuff). With this trick, your source files
stay as they are, but the binary code gets fixed before being
converted to dex.

- -- 
Fabrizio Giudici - Java Architect, Project Manager
Tidalwave s.a.s. - "We make Java work. Everywhere." -
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - 



Using Bouncy Castle with an Android app

by joebowbeer » Tue, 31 Aug 2010 05:49:20 GMT

 If there's a conflict at runtime then you may not need to include the
BC classes yourself.  Just add BC to your bootclasspath for building.
Seems a bit fragile, though, even if it works...

Can you access the needed functionality via the



Using Bouncy Castle with an Android app

by joebowbeer » Tue, 31 Aug 2010 06:02:17 GMT

 By the way, bouncycastle is currently in libcore: ;a=tree;f=security


Using Bouncy Castle with an Android app

by joebowbeer » Tue, 31 Aug 2010 09:09:31 GMT

 By the way, the bouncycastle sources are currently in libcore: ;a=tree;f=security


Using Bouncy Castle with an Android app

by Robert Nekic » Tue, 31 Aug 2010 21:46:23 GMT

 I'm using bcprov-jdk16-145 in my app and it works fine.  I also see
the DexOpt messages in logcat and I get some build warnings from it
(Ignoring InnerClasses attribute for an anonymous inner class that
doesn't come with an associated EnclosingMethod attribute. (This class
was probably produced by a broken compiler.)

Regardless, it ultimately builds and appears to work properly.  I'm
using it for some x509 stuff but I haven't encountered any

I'd love to remove it if this stuff is actually available in Android
somewhere since the jar adds quite a lot of bulk to my app.


Using Bouncy Castle with an Android app

by fba » Wed, 01 Sep 2010 05:49:25 GMT

 (Robert Nekic) Have you tried to generate a CSR with BC in your app?
I seem to be able to do a lot of different certificate related things,
but hit the ClassCastException when I try to generate a CSR.

The other route I have looked at is CoDec, but the license listed on
SourceForge doesn't match the license in the code.   I have contacted
the developers who have said they will get back to me, but I am
looking for a mitigation route if the license doesn't pan out how I
would hope.

Does anyone know of any other libraries that would work for
certificate manipulation?   The classes don't have
any obvious way to generate a CSR, so I am not sure that will work.
Also, I don't need to be able to actually generate SSL sessions using
the certificates, since they are fed in to another program that
handles all of that.  I just need to be able to work with the


Other Threads

1. broadcast any intent if new email is received

Hi all,

Do any one know how to broadcast any intent if new email is



2. Need info in Thai ID3

Can any one tell me how to add ID3 suport for thai characters...
ie..,  ISO-8859-11 support


3. Can Bitmap native resources be recycled by Garbage Collector?

4. Opengl ES 2.0 camera setup

5. Make the activity blur/dim with startActivityForResult

6. Two way contact sync

7. I'm done with development, how do i publish my apk