-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
For more security spongycastle -> bouncycastle #325
Comments
Hello @Neustradamus, in the current "develop" version, the SpongyCastle dependency is already removed along with the crypto provider abstraction layer. We need to update the docs to reflect that. Also, SpongyCastle was never included in the project automatically, it was a "provided" dependency. It was just allowed to use this, this was handy mostly for some Android tests but nothing that we had to keep (hence it is removed). Also, please note that this is a server-side project. All server-side projects use BouncyCastle and nothing else for a long time. For the client-side project (mobile app), we use OpenSSL and low-level crypto on both iOS and Android (bridge via NDK). Please follow the docs here for more info about the client-side implementation: https://github.com/wultra/powerauth-mobile-sdk Finally, please let us know more about your project ([email protected]). We would be interested in how you are using our libraries! :) |
@petrdvorak: Thanks for your reply! |
@Neustradamus The implementation is done already, it was done in PR #322 (closing #270). I opened a new ticket #326 for the documentation improvements. |
@petrdvorak: Thanks, if all companies were like you! |
@Neustradamus Yes, this is why I opened #326, to check the documentation files and fix those. In "master" branch, the changes will be visible on the next release (04-05/2020). Just to repeat the important thing here for the record: We did not bundle SpongyCastle to any projects. We just allowed it's usage via a provided dependency and a crypto provider abstraction (that we recently removed). |
@petrdvorak: Yes yes, it is good. |
@petrdvorak: Can you update to 1.69? |
Dear Wultra,
I do not understand in:
There is:
powerauth-java-prov - A technical module exporting an interface for a generic provider implementation. This is needed in order to be able to have the same cryptography module for Java SE / Java EE and Android (that requires SpongyCastle).
-> SpongyCastle is a dead project with CVEs and it was a fork of BouncyCastle (always developed).
Can you change it to BouncyCastle?
It is really bad to speak about SpongyCastle for security, it is better to speak about BouncyCastle.
In more:
* And we don't want to include Spongy Castle (https://rtyley.github.io/spongycastle)
Informations:
The text was updated successfully, but these errors were encountered: