2

I am new to cryptography. I want to use Spongy Castle to encrypt (AES) to a file and write it to the disk. Do I need all the four(4) dependencies in my .gradle file?

compile 'com.madgag.spongycastle:core:1.51.0.0'
compile 'com.madgag.spongycastle:prov:1.51.0.0'
compile 'com.madgag.spongycastle:pkix:1.51.0.0'
compile 'com.madgag.spongycastle:pg:1.51.0.0'
georgeok
  • 5,321
  • 2
  • 39
  • 61

1 Answers1

12

Both pg and pkix depend on prov which depends core, so this should be sufficient to add all four jars to your project.

compile 'com.madgag.spongycastle:bcpkix-jdk15on:<version>'
compile 'com.madgag.spongycastle:bcpg-jdk15on:<version>'

But do you need both pkix and pg? One contains the APIs for PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF and the other contains the OpenPGP APIs. You should only include the one you actually need.

Finally, unless you have a VERY GOOD REASON you should use the latest version of SpongyCastle - not just the version you copy-pasted from another StackOverflow answer. You can find the latest version on Maven Central

Enrico
  • 10,377
  • 8
  • 44
  • 55
  • 1
    The names have changed. You will need to use bcpkix-jdk15on instead of pkix and bcpg-jdk15on instead of pg, i.e. compile 'com.madgag.spongycastle:bcpkix-jdk15on:' resp. compile 'com.madgag.spongycastle:bcpg-jdk15on:' – winne2 Nov 14 '17 at 17:36
  • Adding bcpkix-jdk15on is enough as it depeneds on prov and core? So there is no need of adding prov and core dependency explicitly? – Kalai.G Sep 26 '18 at 11:18
  • 1
    No, they should already be dependencies of bcpkix or bcpg and will be included in your project automatically by maven or gradle – Enrico Sep 26 '18 at 11:21