Android / Crypto provider


#1

I’ve updated to using ‘net.zetetic:android-database-sqlcipher:3.5.7@aar’ and all functionality appears good (targeting Android SDK version 23). However, I’m getting this message in console around the time that an encrypted database is opened:

********** PLEASE READ ************ 
* 
* New versions of the Android SDK no longer support the Crypto provider.
* If your app was relying on setSeed() to derive keys from strings, you
* should switch to using SecretKeySpec to load raw key bytes directly OR
* use a real key derivation function (KDF). See advice here : 
* http://android-developers.blogspot.com/2016/06/security-crypto-provider-deprecated-in.html 
*********************************** 
Returning an instance of SecureRandom from the Crypto provider
as a temporary measure so that the apps targeting earlier SDKs
keep working. Please do not rely on the presence of the Crypto
provider in the codebase, as our plan is to delete it
completely in the future.

Is there a step I can take to eliminate this warning? Thanks!


#2

Hello @evands

Thank you for reaching out regarding this notice. SQLCipher for Android does not utilize the Java Crypto provider. All cryptographic operations within SQLCipher for Android are deferred to native functions, in this case through our OpenSSL crypto provider within SQLCipher which is compiled natively for the platforms the library is loaded in. You may want to search your codebase to determine if the application, or any other third-party libraries have a dependency.