androidgradlespongycastle

Android Spongy Castle Gradle dependencies


I am new to cryptography. I want to use Spongy Castle to encrypt (AES) to a file and write it to the disk. Do I need all the four(4) dependencies in my .gradle file?

compile 'com.madgag.spongycastle:core:1.51.0.0'
compile 'com.madgag.spongycastle:prov:1.51.0.0'
compile 'com.madgag.spongycastle:pkix:1.51.0.0'
compile 'com.madgag.spongycastle:pg:1.51.0.0'

Solution

  • Both pg and pkix depend on prov which depends core, so this should be sufficient to add all four jars to your project.

    compile 'com.madgag.spongycastle:bcpkix-jdk15on:<version>'
    compile 'com.madgag.spongycastle:bcpg-jdk15on:<version>'
    

    But do you need both pkix and pg? One contains the APIs for PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF and the other contains the OpenPGP APIs. You should only include the one you actually need.

    Finally, unless you have a VERY GOOD REASON you should use the latest version of SpongyCastle - not just the version you copy-pasted from another StackOverflow answer. You can find the latest version on Maven Central