Upgrade from SpongyCastle 1.58 to BouncyCastle 1.70 (!321) · Merge requests · Network / KDE Connect Android

Albert Vaca Cintora requested to merge work/upgradeBouncyCastle into master Mar 18, 2023

SpongyCastle was a fork of BouncyCastle needed before Android 3.0 because of a conflict with Android's own version of BC. It's no longer needed and rarely receives updates anymore [1]. Furthermore the version we were using was from 2015 and had security issues (although I'm not sure we were affected by them since we only use it to generate certificates).

With this change we now also use Java's standard library to read the certs from a byte[] since the standard CertificateFactory can already do that.

How to test

After upgrading the app, you should unpair your PC, clear the app's data and restart the app because that's the only moment a new certificate will be generated.

[1] https://github.com/rtyley/spongycastle/issues/34

Edited Mar 18, 2023 by Albert Vaca Cintora

Upgrade from SpongyCastle 1.58 to BouncyCastle 1.70

How to test

Merge request reports