Does every Android phone support SHA-256

Question

So reading this post: How can I calculate the SHA-256 hash of a string in Android?

and the docs: http://developer.android.com/reference/java/security/MessageDigest.html

I'm curious; which phones will support SHA-256? In the docs, the line about the 'NoSuchAlgorithmException' makes me think that some phones don't support all algorithms. Before I go implementing this for an app and expecting it to work the same on all phones I want to know if anyone knows anything about this...?

I find it strange that the MessageDigest class doesn't have some constants to pick the algorithm you want to use.

+1 Good question. I agree completely that there should be constants. — Chris Cashwell, Apr 12 '12 at 18:24

score 33 · Accepted Answer · answered Apr 12 '12 at 18:21

33

All Android devices support SHA-256. The NoSuchAlgorithmException indicates that a requested algorithm could not be found and is necessary because the method takes a String argument for the algorithm name. If you passed in "foo-256", the method's only recourse is to throw a NoSuchAlgorithmException because, for reasons beyond my understanding, there's no algorithm called "foo-256". Assuming you're passing in a name you're sure is an algorithm that Android can use, you'll never see that exception.

answered Apr 12 '12 at 18:21

Chris Cashwell

22,308
13
63
94

2

While I mostly agree, you can't be 100% sure that *all* devices support SHA-256. However unlikely, someone might decide to save a few bytes and take it out. Especially since, unless device have the Market/Play app, there is no clear definition on what 'Android' has to support. You can always list supported algorithms/mechanisms with something like this if you need to be sure: http://stackoverflow.com/questions/3683302/how-to-find-out-what-algorithm-encryption-are-supported-by-my-jvm – Nikolay Elenkov Apr 13 '12 at 02:27
4

Well: 1. Android has never used the JDK: both the core libraries (some derived from Apache Harmony) and the JVM (Dalvik) are its own. 2. `MessageDigest` is just a JCE interface, to be able to use SHA-256, MD5 or whatever, there needs to be a `Provider` that implements those algorithms. Android's JCE provider is derived from BouncyCastle and is known to be quite stripped, especially on earlier Android versions. Manufacturers do customize both the framework, sometimes quite aggressively. That could include the system JCE provider as well. – Nikolay Elenkov Apr 13 '12 at 15:28
3

You are actually missing the point: interface != implementation. – Nikolay Elenkov Apr 16 '12 at 13:27

score 22 · Answer 2 · answered Sep 18 '13 at 18:17

Add NoSuchAlgorithmException as below:

public static String SHA256 (String text) throws NoSuchAlgorithmException {

    MessageDigest md = MessageDigest.getInstance("SHA-256");

    md.update(text.getBytes());
    byte[] digest = md.digest();

    return Base64.encodeToString(digest, Base64.DEFAULT);
}

score 8 · Answer 3 · answered Apr 19 '19 at 12:33

8

According to the Android Documentations for MessageDigest, SHA-256 is supported since API 1.

answered Apr 19 '19 at 12:33

Megaetron

1,154
2
15
29

score 6 · Answer 4 · edited May 23 '17 at 10:30

SHA-256withRSA is NOT supported in older android versions (verified the same in Android 4.0.3, 4.1.1). I have experienced this problem while using JSCEP. The digest algorithm returned by SCEP server is SHA-256. But SHA-256withRSA is not present in any default SecurityProviders in those android versions. Found a relevant link: Which versions of Android support which package signing algorithms?

This link shows that SHA-256withRSA was added later: https://android-review.googlesource.com/44360

Does every Android phone support SHA-256

4 Answers4

Linked