As an example, this is how you could for instance add the Spongy Castle (repackage of Bouncy Castle) Security Provider, and ensure it is used in preference to other security providers:A more elaborate JCA overview would lead us too far for this post, but a thorough examination of the Android Cryptographic Providers can be found in the Android Security Internals book by Nikolay Elenkov (No Starch Press). the documentation, and basically boils down to adding the Google Play Services API as a dependency.
Internally Google referes to Google Play Services as Google Mobile Services (GMS), so that’s where the GMS moniker is coming from…The gateway to this new security provider is through the com.google.android.gms.security package and thecom.google.android.gms.security.ProviderInstaller class therein.
onCreate()method of an Activity: isGooglePlayServicesAvailable. If the result code is SUCCESS, then the Google Play Services APK is up-to-date and can be used. For usage in the onProviderInstallFailed callback, either you can use the returned errorCode with a standard resolving UI provided by GooglePlayServicesUtil, or you can use the returned recoveryIntent to implement your own custom UI.
Security.getProviders()method. When we run this application on a Nexus 5 with Android 4.4.4, we see the following Security Providers loaded: When we add the code to load the Google Play Services Dynamic Security Provider, and run the same test, we see: The
Security.getProviders()method returns the providers in their preference order, and as such we can verify that:
- the Google Play Services Dynamic Security Provider is now loaded (with the GmsCore_OpenSSL name)
- and has been loaded as the first one to use, in preference of the other providers
|Cipher||ARC4 AES/CBC/NoPadding AES/CBC/PKCS5Padding AES/CFB/NoPadding AES/CTR/NoPadding AES/ECB/NoPadding AES/ECB/PKCS5Padding AES/OFB/NoPadding DESEDE/ECB/NoPadding DESEDE/ECB/PKCS5Padding DESEDE/CBC/NoPadding DESEDE/CBC/PKCS5Padding DESEDE/CFB/NoPadding DESEDE/OFB/NoPadding RSA/ECB/NoPadding RSA/ECB/PKCS1Padding|
|KeyFactory||DH DSA EC RSA|
|KeyPairGenerator||DH DSA EC RSA|
|Mac||HmacMD5 HmacSHA1 HmacSHA224 HmacSHA256 HmacSHA384 HmacSHA512|
|MessageDigest||MD5 SHA-1 SHA-224 SHA-256 SHA-384 SHA-512|
|Signature||ECDSA MD5WithRSA NONEwithRSA SHA1WithRSA SHA224WithRSA SHA256WithRSA SHA384WithRSA SHA512WithRSA SHA1withDSA SHA224withECDSA SHA256withECDSA SHA384withECDSA SHA512withECDSA|
This content is licensed under Creative Commons Attribution 4.0
- Google Play Services 5.0 announcement: http://android-developers.blogspot.de/2014/07/google-play-services-5.html ↩
- Java Cryptography Architecture (JCA) Reference guide: http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html ↩
- Cryptographic service providers: http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#ProviderArch ↩