Closed Neustradamus closed 4 years ago
both are supported. See the module https://github.com/komputing/KEthereum/tree/master/crypto_impl_bouncycastle
@ligi: Thanks for your comment! Currently Bouncy Castle last version is 1.65 and Spongy Castle last version is 1.58. Spongy Castle is a fork of Bouncy Castle. Please look previous links :)
Since several years, a lot of projects have already moved from Spongy Castle to Bouncy Castle because the project is dead.
You can see discussion "34" in https://github.com/rtyley/spongycastle/issues.
Please remove all Spongy Castle parts.
I am not sure this is possible. AFAIK for Android I need to use spongycastle as bouncycastle clashes with the platform implementation.
@ligi: No, it is used by several projects.
@Neustradamus do you know since which minSDK? Pretty sure there are phones out there that need the use of spongycastle
@ligi: Can you see on the old SC issue? And you can ask on it if you have not the answer ^^
There are older android versions where this is still an issue as far as I see. So I think I will not remove SC - perhaps make more clear in the README that it should not be used - only if you need to target old android versions. But I see no reason (yet) I need to remove it.
@ligi: The change has been done for what Android SDK?
You will be in a list about not secured projects :/
@ligi: It is since Android Ice Cream Sandwich (Honeycomb was not open-source):
You will be in a list about not secured projects :/
? you can use bouncycastle if you want - so this does not really make sense IMHO
About CVE in Spongy Castle ;)
? can you give me a URL? You really make no sense IMHO
@ligi: It is here: https://github.com/komputing/KEthereum/issues/86#issue-598739026
you can use bouncycastle. The spongycasle module is only an option if you need to target old android versions.
@ligi: It is not solved! Please reopen it!
spongycastle is an option for targeting old android devices there is now a warning it should only be used for this use-case
@ligi: For Android =< 3.0, always used for you?
no and why always?
You have replied, you can remove Spongy Castle from the code :) Bouncy Castle works with all Android versions > 3.0.
no - this library might be used to target Android versions <= 3 - I do not see a reason to prevent this by removing the option
For more security, can you change old spongycastle (based on old bouncycastle) to bouncycastle?