Which JCE provider to use on Android ? Bouncy Castle, Conscrypt,...?

Question

I’m starting the development of an Android App using ECC Cryptography. I have seen that Android embeds some Cryptography (defined here https://developer.android.com/guide/topics/security/cryptography ) but it is limited either in term of algorithm’s parameters supported or concerning the Android API version supported. For example, “EC” parameter (aka elliptic curve cryptography) is supported by AlgorithmParameters class only for Android API version 26+ (= Android 8.0 and above) which is very restrictive.

So far, the solution was to use a JCE provider like “Bouncy Castle”. However, I have seen on https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html that it will be deprecated for the future Android P. Android P will use the cryptography features available in Conscrypt (based on boringSSL).

I want my application to work on current Android versions (>= to API 21) and I want it to work on Android P so what JCE provider shall I use?

I have tried to use Conscrypt with a Samsung Galaxy S7 running Android API version 24 (= Android 7.0) but I have a crash when I mount it as the security provider. In my MainActivity.java class, I have used:

static {
    try {
        Security.insertProviderAt(Conscrypt.newProvider(), 1);

    } catch (NoClassDefFoundError e) {
        e.printStackTrace();
    }
}

I get the following crash:

java.lang.UnsatisfiedLinkError: No implementation found for java.lang.String[] org.conscrypt.NativeCrypto.get_cipher_names(java.lang.String) (tried Java_org_conscrypt_NativeCrypto_get_1cipher_1names and Java_org_conscrypt_NativeCrypto_get_1cipher_1names__Ljava_lang_String_2)

Do you know if Conscript can be used with current Android API versions?

Thanks

Answer 1

I have received an answer from the GoogleGroup dedicated to Conscrypt. The Conscrypt documentation was lacking some instructions about how to use it on Android (this is fixed now). On Android, App/build.gradle should contain:

implementation 'org.conscrypt:conscrypt-android:2.5.1' 

I had a "java.lang.UnsatisfiedLinkError" because I was using:

compile 'org.conscrypt:conscrypt-openjdk:1.1.3:'

This is wrong because this line is for OpenJDK.

On more thing: I have been told that Conscrypt on Android works as far back as API level 9 (Gingerbread).

Google GitHub Link: https://github.com/google/conscrypt