我工作的公司对 Android 应用程序开发持谨慎态度,因为默认的加密库 Bouncy CaSTLe 未通过 FIPS-140 认证。我无法改变他们的想法或政策。
我想知道在我的应用程序中安装(或至少 bundle )SunJCE 有哪些选项。
首先,我找不到在哪里可以下载这个 jar 的最新版本。我尝试从我的桌面上抓取 jce jar 并将其设置为我的 Android 项目中的内部 jar 并收到这条有趣但不祥的消息:
Attempt to include a core class (java.* or javax.*) in something other than a core library. It is likely that you have attempted to include in an application the core library (or a part thereof) from a desktop virtual machine. This will most assuredly not work. At a minimum, it jeopardizes the compatibility of your app with future versions of the platform. It is also often of questionable legality.
If you really intend to build a core library -- which is only appropriate as part of creating a full virtual machine distribution, as opposed to compiling an application -- then use the "--core-library" option to suppress this error message.
If you go ahead and use "--core-library" but are in fact building an application, then be forewarned that your application will still fail to build or run, at some point. Please be prepared for angry customers who find, for example, that your application ceases to function once they upgrade their operating system. You will be to blame for this problem.
If you are legitimately using some code that happens to be in a core package, then the easiest safe alternative you have is to repackage that code. That is, move the classes in question into your own package namespace. This means that they will never be in conflict with core system classes. If you find that you cannot do this, then that is an indication that the path you are on will ultimately lead to pain, suffering, grief, and lamentation.
我不是一个喜欢痛苦、苦难、悲伤或哀叹的人,所以我想知道完成这项任务的正确方法,前提是这是我应该尝试的事情。
最佳答案
由于遇到编译器错误,您将无法导入 java.* 或 javax.* 类。遵循他们的说明应该可行,但更改 JCE 大小的包可能很重要,我不知道结果是否仍符合 FIPS-140 的要求。另外,如果 JCE 是用纯 Java 实现的,它在 Android 上可能会很慢。除非 JCE 来自 Java 的 GPL 版本或其他一些开源实现,否则错误消息提示的许可问题是相关的。
还有其他可用的 FIPS-140 加密库,例如 NSS ,具有 Java 绑定(bind),以及您可能可以为其编写 Java 绑定(bind)的其他内容。您可以让其中一个使用 NDK 的人在 Android 上运行。
关于java - 在 Android 上安装 SunJCE?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3400968/