3

In this stackoverflow answer you can see a code to print all available providers and corresponding algorithms: How to find out what algorithm [ encryption ] are supported by my JVM?

I am using latest version of spongycastle and when I ask to get the algorithms of Spongycastle ("SC") on android I get only a handful of algorithm. In fact I get this very limited list:

provider: SC
algorithm: PBEWITHMD5ANDDES
algorithm: PBEWITHSHA256AND192BITAES-CBC-BC
algorithm: OLDHMACSHA384
algorithm: PBEWITHHMACSHA
algorithm: PBEWITHMD5ANDDES
algorithm: PKCS12PBE
algorithm: PBEWITHSHAAND128BITAES-CBC-BC
algorithm: IES
algorithm: PKIX
algorithm: RFC3280
algorithm: ISO9797ALG3MAC
algorithm: PBEWITHHMACSHA1
algorithm: CERTIFICATE
algorithm: PBEWITHSHAAND40BITRC2-CBC
algorithm: PBEWITHSHA1ANDDES
algorithm: PBEWITHMD5AND256BITA

On the other hand, when I ask to get the algos of SC on my linux machine I get a lot more algorithms. I haven't counted them but it is a list 10 times longer that the once you see above.

Where all the rest of the algorithms have gone ??

Because this project is not a typical android-java project but an Android-Scala project I have to use Proguard on every execution. Does this plays any role for the missing algorithms or is it something else?

Note1: I am using SC to generate a keypair, encrypt and decrypt with OpenPGP

Note2: Source code is tested to work perfectly on linux machine using OpenJDK-6, RSA algorithm for public key encryption and BLOWFISH algorithm as the random symmetric key

Community
  • 1
  • 1
George Pligoropoulos
  • 2,919
  • 3
  • 33
  • 65
  • Well, you are comparing 2 entirely different things. My guess would be the DVM doesn't implement all of the algorithms that a full JVM does. – Wesley Wiser Mar 29 '13 at 16:26
  • Shouldn't be that these algorithms come along with the library? Because if these are the only available libraries I could never use OpenPGP. I need RSA, BLOWFISH, CAST5 and other algorithms. And also is a fact that there are apps who have used spongycastle successfully to encrypt with openpgp – George Pligoropoulos Mar 29 '13 at 16:37

1 Answers1

5

You may need to include the SpongyCastle OpenPGP API jar, so check you're including that:

http://rtyley.github.com/spongycastle/#downloads

Other than that, a ProGuard configuration issue would be the obvious contender. Try specifying something like this in your proguard config file:

-keep class org.spongycastle.**
Roberto Tyley
  • 24,513
  • 11
  • 72
  • 101
  • As a surprise to me the list of available algorithms is still short but after your proguard config RSA appears on the list and I can do my job. So this seems to work for now but I need to do a little bit more testing. – George Pligoropoulos Mar 29 '13 at 22:55
  • Unfortunately I have effectively doubled the size of my apk! Maybe you could point out which portions of the spongycastle I should keep because keeping the whole library is ~2.5MB more in apk! – George Pligoropoulos Mar 29 '13 at 22:59
  • @GeorgePligor unfortunately you haven't given us enough information to duplicate your work - only by working with a full copy of your source can we ensure that you've kept enough with proguard to ensure that your app works. A suggestion: print out the class names of the implementation classes your caode gets back from SC, and start with just keeping those. – Roberto Tyley Mar 29 '13 at 23:21
  • First of all I must correct myself! After using your solution, I get all the algorithms as on linux! The mistake from the Log object which has a limit on the string length (which I hadn't come across before!) – George Pligoropoulos Mar 29 '13 at 23:54
  • I am sorry I didn't get what exactly you mean by this: *print out the class names of the implementation classes your caode gets back from SC, and start with just keeping those*. I have all the implementation in a very useful helper class which can create keypairs, encode files/string and decode them which I have no problem sharing with you in order to guide me. Thank you! – George Pligoropoulos Mar 29 '13 at 23:58
  • 2
    I can confirm that none of these: `-keep class org.spongycastle.openpgp.**`, `-keep class org.spongycastle.bcpg.**`, `-keep class org.spongycastle.jce.**`, `-keep class org.spongycastle.crypto.**`, works. If each one of the above is used instead of `-keep class org.spongycastle.**` then the algorithms are not preserved – George Pligoropoulos Mar 30 '13 at 08:22
  • @GeorgePligor don't forget that you only want a small subset of algorithms - just the ones you need to get your app to work. If you are just evaluating your proguard configuration based on whether the full list of algorithms appears, only the full 2.5MB of Spongy Castle can satisfy that. Identify just the algorithms you need, make sure it's easy for you to tell from your debug whether they are present are not. – Roberto Tyley Mar 30 '13 at 09:14
  • For starters I need RSA. Which part of the library should I keep? – George Pligoropoulos Mar 30 '13 at 16:32
  • 5
    @GeorgePligor FYI, just a `-keep class org.spongycastle.jcajce.provider.**` was enough to keep ECDSA providers for me. Could you check if that works for you as well, and if so, update your answer? – DCKing May 28 '14 at 13:40