我工作的公司对
Android应用程序开发持谨慎态度,因为默认加密库Bouncy Castle未通过FIPS-140认证.我无能为力改变他们的思想或政策.
我想知道我有什么选择安装(或至少捆绑)SunJCE与我的应用程序.
首先,我找不到我要下载这个jar的最新版本的地方.我尝试从我的桌面抓取jce jar并将其设置为我的Android项目中的内部jar并收到这个有趣的,如果不祥的消息:
Attempt to include a core class
(java.* or javax.*) in something other
than a core library. It is likely that
you have attempted to include in an
application the core library (or a
part thereof) from a desktop virtual
machine. This will most assuredly not
work. At a minimum,it jeopardizes the
compatibility of your app with future
versions of the platform. It is also
often of questionable legality.
If you really intend to build a core
library — which is only appropriate
as part of creating a full virtual
machine distribution,as opposed to
compiling an application — then use
the “–core-library” option to
suppress this error message.
If you go ahead and use
“–core-library” but are in fact
building an application,then be
forewarned that your application will
still fail to build or run,at some
point. Please be prepared for angry
customers who find,for example,that
your application ceases to function
once they upgrade their operating
system. You will be to blame for this
problem.
If you are legitimately using some
code that happens to be in a core
package,then the easiest safe
alternative you have is to repackage
that code. That is,move the classes
in question into your own package
namespace. This means that they will
never be in conflict with core system
classes. If you find that you cannot
do this,then that is an indication
that the path you are on will
ultimately lead to pain,suffering,
grief,and lamentation.
我不是一个痛苦,痛苦,悲伤或悲伤的人,所以我想知道正确的方法来完成这项任务,只要这是我应该尝试的事情.
由于遇到编译器错误,您无法导入java.*或javax.*类.遵循他们的指示应该工作,但更改JCE大小的东西的包可能是重要的,我不知道结果是否仍然符合FIPS-140的条件.另外,如果JCE是用纯Java实现的,那么它在Android上可能会很慢.除非JCE来自GPL版本的Java或其他一些开源实现,否则错误消息提示的许可问题是相关的.
还有其他可用的FIPS-140加密库,例如NSS,它们具有Java绑定,还有一些可以编写Java绑定的加密库.您可以让其中一个使用NDK的人在Android上运行.
