Can I use Bouncy Castle Keystore.UBER on Android?

According to the Bouncy Castle documentation, there are three implementations KeyStore


The Bouncy Castle package has three keystore implementations.

The first "BKS" is a keystore that will work with keys in the same way as the Sun keystor "JKS". Keystore is resistant to tampering, but not testing.

> Second, Keystore.BouncyCastle or Keystore.UBER will only work with keytool if the password is specified on the command line, since the entire keystore is encrypted with PBE based on SHA1 and Twofish. PBEWithSHAAndTwofish-CBC. It makes a robust keystore of tampering and verification as well as strength verification. Sun JDK if keytool tries to load the keystore even if the password is missing, it is not possible for this version. (One might wonder about going to this whole problem and then with the command line password! New keyboard player?).

In the first case, the keys are encrypted using 3-Key-TripleDES.

The third is a PKCS12 compliant keystore. PKCS12 provides a slightly different situation from a regular keystore, the keystore password is currently the only password used to store keys. Otherwise it supports all the functions required to use it with Keytool. In some situations other libraries will always expect to work with Sun certificates, if so, use PKCS12-DEF and the certificates generated by the key store will be made using the default provider. In the default case, PKCS12 uses 3DES for the security key and 40 bits RC2 for certificate security. It is also possible to use 3DES for use with PKCS12-3DES-3DES or PKCS12-DEF-3DES-3DES as the KeyStore type.

I can't find any interesting information on this on the internet, nobody seems to be using it.

Can Keystore.BouncyCastle or Keystore.UBER be used on Android? How do I get a copy? KeyStore.getInstance("UBER","BC");

? Does it work well with all versions of Android?


source to share

1 answer

Yes, it can be used, get an instance:

KeyStore.getInstance("UBER", "SC");


In normal java code there should be a BC (BouncyCastle) provider here, however on Android SpongyCastle is used, so we need to put "SC" instead.



All Articles