Reputation: 2769
According to Bouncy Castle documentation, there are three implementations of KeyStore:
> The Bouncy Castle package has three implementations of a keystore.
>
> The first "BKS" is a keystore that will work with the keytool in the same fashion as the Sun "JKS" keystore. The keystore is resistant to tampering but not inspection.
>
> The second, Keystore.BouncyCastle, or Keystore.UBER will only work with the keytool if the password is provided on the command line, as the entire keystore is encrypted with a PBE based on SHA1 and Twofish. PBEWithSHAAndTwofish-CBC. This makes the entire keystore resistant to tampering and inspection, and forces verification. The Sun JDK provided keytool will attempt to load a keystore even if no password is given, this is impossible for this version. (One might wonder about going to all this trouble and then having the password on the command line! New keytool anyone?).
>
> In the first case, the keys are encrypted with 3-Key-TripleDES.
>
> The third is a PKCS12 compatible keystore. PKCS12 provides a slightly different situation from the regular key store, the keystore password is currently the only password used for storing keys. Otherwise it supports all the functionality required for it to be used with the keytool. In some situations other libraries always expect to be dealing with Sun certificates, if this is the case use PKCS12-DEF, and the certificates produced by the key store will be made using the default provider. In the default case PKCS12 uses 3DES for key protection and 40 bit RC2 for protecting the certificates. It is also possible to use 3DES for both by using PKCS12-3DES-3DES or PKCS12-DEF-3DES-3DES as the KeyStore type.
I can't find any interesting information about this on the Internet; it seems like nobody uses it.
Is it possible to use Keystore.BouncyCastle or Keystore.UBER on Android? How do I get an instance? KeyStore.getInstance("UBER","BC");? Does it work well with all Android versions?
Upvotes: 3
Views: 1318
Reputation: 2769
Yes, it can be used. Get an instance with:
KeyStore.getInstance("UBER", "SC");
In normal Java code it should be the "BC" (BouncyCastle) provider here; however, on Android SpongyCastle is used, so we need to put "SC" here instead.
Upvotes: 3
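
An added example, not part of the original posts: it builds a BKS and an UBER store in memory and checks whether the alias can be listed without the store password, which is the inspection difference the quoted documentation describes. It assumes the Bouncy Castle provider jar is on the classpath; the alias and passwords are constructed sample values.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.Security;
import javax.crypto.KeyGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class UberVsBks {
    // "BC" with Bouncy Castle on the classpath; with Spongy Castle on Android,
    // import org.spongycastle.jce.provider.BouncyCastleProvider and use "SC".
    static final String PROVIDER = "BC";
    static final String ALIAS = "demo-key"; // constructed sample alias

    // Create a store of the given type holding one AES key, serialized to bytes.
    static byte[] build(String type, char[] storePw, char[] keyPw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type, PROVIDER);
        ks.load(null, null); // initialise an empty store
        ks.setKeyEntry(ALIAS, KeyGenerator.getInstance("AES").generateKey(), keyPw, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePw);
        return out.toByteArray();
    }

    // True if the store loads with this password (null = none) and lists the alias.
    static boolean aliasVisible(String type, byte[] blob, char[] storePw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type, PROVIDER);
        try {
            ks.load(new ByteArrayInputStream(blob), storePw);
            return ks.containsAlias(ALIAS);
        } catch (Exception e) {
            return false; // decryption or integrity check failed
        }
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        char[] storePw = "constructed-store-pw".toCharArray();
        char[] keyPw = "constructed-key-pw".toCharArray();
        byte[] bks = build("BKS", storePw, keyPw);
        byte[] uber = build("UBER", storePw, keyPw);
        System.out.println("BKS,  no password:    " + aliasVisible("BKS", bks, null));
        System.out.println("UBER, no password:    " + aliasVisible("UBER", uber, null));
        System.out.println("UBER, wrong password: " + aliasVisible("UBER", uber, "wrong".toCharArray()));
        System.out.println("UBER, right password: " + aliasVisible("UBER", uber, storePw));
    }
}
```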