javax.crypto.Cipher working differently since Android 6 Marshmallow

后端未结

关注

 2  1855

长情又很酷 2020-12-30 14:40

I\'ve been successfully using javax.crypto.Cipher.getInstance(\"DESede/CBC/NoPadding\") to Authenticate with DESFire cards on Android (following the example here: https://st

2条回答

盖世英雄少女心 (楼主)

2020-12-30 15:22
It seems they changed the default provider in Marshmallow.

A simple:
```
cipher.getProvider().getName();
```
Shows "AndroidOpenSSL" for Marshmallow, where it was "BC" (BouncyCastle I suppose) before.

Using the other getInstance overload...
```
 javax.crypto.Cipher cipher =
            javax.crypto.Cipher.getInstance("DESede/CBC/NoPadding","BC");
```
...gives me the expected result on my Nexus with Marshmallow.

Update: I now get this warning:

The BC provider is deprecated and when targetSdkVersion is moved to P this method will throw a NoSuchAlgorithmException. To fix this you should stop specifying a provider and use the default implementation
Cipher#getInstance should not be called with ECB as the cipher mode or without setting the cipher mode because the default mode on android is ECB, which is insecure.

So I have ended up using the other answer here that will (hopefully) work on all versions of Android.
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...