3

Seems like "Crypto" provider has been removed in Android N.

My application crashing because of NoSuchProviderException.

If I change the provider and Algorithm then it will affect user who are all using the app currently. Any one have a idea? 

KeyGenerator kGen = KeyGenerator.getInstance(KEY_GENERATOR_ALGORITHM);
SecureRandom sr = SecureRandom.getInstance(STR_SHA1PRNG, **CRYPTO**);
sr.setSeed(seed);
kGen.init(128, sr);
SecretKey sKey = kGen.generateKey();

04-30 04:07:02.872: E/AndroidRuntime(17386): Caused by: java.security.NoSuchProviderException: no such provider: Crypto

Ananth
  • 115
  • 3
  • 18

1 Answers1

4

Quoting Google:

The “Crypto” security provider has been removed. Any call to the Java Cryptography Extension (JCE) APIs with a Provider listed should only be done if the provider is included in the code of the APK or be able to deal with it’s absence. The reason applications use this provider is to take advantage of its SecureRandom implementation. If your app was relying on setSeed() to derive keys from strings, you should switch to using SecretKeySpec to load raw key bytes directly OR use a real key derivation function (KDF).

Hence, this is working as intended.

If I change the provider and Algorithm then it will affect user who are all using the app currently.

It appears that you are using that provider only for your random number generation. Hence, switching to a different random number generator, and you follow Google's instructions, this should not affect existing users, if I understand correctly.

And, if I am misunderstanding how you are using Crypto (as I rarely use JCE directly), develop a migration path to upgrade existing users of your app to a different algorithm. Android N should not ship in production form for another couple of months, and even then it will be a slow uptake.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • KeyGenerator kGen = KeyGenerator.getInstance("AES"); SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "Crypto"); sr.setSeed(seed); kGen.init(128, sr); // 192 and 256 bits may not be available SecretKey sKey = kGen.generateKey(); This is how I am generating SecretKey. – Ananth May 01 '16 at 00:14
  • One final Question, Consider I change the Encryption/Decryption logic and pushing an app update to all existing user. Then app will crash when we try to decrypt already encrypted data right(Badpaddingexception)? Any solution to mitigate this issue? – Ananth May 01 '16 at 00:23
  • 1
    @Ananth: "Any solution to mitigate this issue?" -- as I wrote, have a migration path. Publish an app update soon that decrypts using your old approach and re-encrypts using a new approach that works on Android N, for people who are upgrading to this new app version (versus installing it for the first time, where you just use the new approach). With luck, everyone will take the update before Android N ships. – CommonsWare May 01 '16 at 11:26
  • Just an another Question... In order to give backward compatibility for user and for migrating old encrypted data, I need the _SHA1PRNG_SecureRandomImpl_. Where can I get it? 1. Embedding implementation inside my app will have any **copyright issue**? 2. Is there any dependency that we can add in our gradle to use implementation 3. Or Any jar file available that I can include in my app for the next release – Ananth May 20 '16 at 14:21
  • Please refer this link: http://stackoverflow.com/questions/39097099/security-crypto-provider-deprecated-in-android-n/42337802#42337802 – varotariya vajsi Feb 20 '17 at 06:33