a repackage of the Bouncy Castle Java cryptographic libraries, targeted specificlly at Android
The Android platform unfortunately ships with a cut-down version of Bouncy Castle - as well as being crippled, it also makes installing an updated version of the libraries difficult due to classloader conflicts.
Spongy Castle is the stock Bouncy Castle libraries with a couple of small changes to make it work on Android:
- all package names have been moved from
org.bouncycastle.*toorg.spongycastle.*- to avoid classloader conflicts the Java Security - API Provider name is now SC rather than BC no class names change, so
- the
BouncyCastleProviderclass remains Bouncy, not Spongy, but moves to theorg.spongycastle.jce.providerpackage.
In general Spongy Castle should be a drop-in replacement for Bouncy Castle, but there are a couple of pain points:
- ProGuard can often remove crucial classes from the Spongy Castle libs (internally, Bouncy Castle uses a lot of class-loading-by-name, which means ProGuard will over-aggressively remove it's classes). ProGuard config must be tweaked to keep the appropriate classes for whatever crypto algorithms you need.
- Not all classes from Oracle Java are present on Android - for example, missing AWT classes block usage of the S/MIME API.
