I am interested to know if some platform providers have tried changing this default and wrote their own cipher service providers? e.g. in cases where AES HW accelerator exists in HW - to provide higher performance and power optimized implementation instead of bouncycastle version that runs on host?
Is there any data that tells me how often the javax.crypto is used by various marketplace apps to assess the ROI of writing such service provider? What is the most common usage of crypto in Android? Thanks, -Rajesh ________________________________ From: Brian Carlstrom <[email protected]> To: Pandit <[email protected]> Cc: Android Security Discussions <[email protected]> Sent: Thursday, October 27, 2011 10:38 PM Subject: Re: [android-security-discuss] Dalvik crypto provider It depends. The default SSLSocket implementation uses OpenSSL for all communication, so any AES used within that context will be from OpenSSL. However, if you are just using a Cipher for AES, that currently is just done with bouncycastle. Mostly alternative OpenSSL implementations have done where warranted for system use such as MessageDigests (md5/sha1/etc) and for RSA signature verification (but not signing, which means its not a full Signature implementation). I was a bit surprised the Cipher's weren't done in OpenSSL, but then a survey of the source tree showed why, there wasn't really any usage to motivate it. -bri On Thu, Oct 27, 2011 at 7:51 AM, Pandit <[email protected]> wrote: Does Dalvik VM on Android actually (or eventually) use OpenSSL >implementation or some thing else? For an example, the implementation >of AES? > >Thank you, >- Pandit > >-- >You received this message because you are subscribed to the Google Groups >"Android Security Discussions" group. >To post to this group, send email to [email protected]. >To unsubscribe from this group, send email to >[email protected]. >For more options, visit this group at >http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
