Hi all,
I posted a message to the Android Developers list about problems with
the crypto API.
In fact the Bouncy Castle API on the phone seems to have a bug when
executing the following code:

    1 Mac hmac = Mac.getInstance("HmacSHA256");
    2 SecretKeyFactory kf = SecretKeyFactory.getInstance("DES");
    3 Key k = kf.generateSecret(ks);
    4 hmac.init(k);
    5 byte[] finalKey = hmac.doFinal(s);

The secret key k in line 3 differs when the above code is executed on
the phone and on a SUN JVM, making it almost impossible to do proper
authentication between a client on the phone and a server that is run
on a SUN JVM.
The post is here:
http://groups.google.com/group/android-developers/browse_thread/thread/b8bd276a07b5bd09
I think this might be interesting for some here.
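
A diagnostic for the mismatch described above, as an added example that is not part of the original post: run it on both runtimes and compare the printed key bytes. It assumes `ks` is a `DESKeySpec` over raw key bytes and that the difference arises in how the DES key factory encodes the key (for example parity-bit adjustment), which the post does not state; the class name and sample values are constructed.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class HmacKeyCheck {
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    static byte[] hmac(byte[] keyBytes, byte[] msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        // SecretKeySpec wraps the bytes unchanged, so no DES-specific
        // key processing sits between the shared secret and the MAC.
        mac.init(new SecretKeySpec(keyBytes, "HmacSHA256"));
        return mac.doFinal(msg);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the post.
        byte[] raw = "8bytekey".getBytes(StandardCharsets.US_ASCII);
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.US_ASCII);

        // Same path as lines 2-3 of the post: key material through the DES factory.
        // Assumption: ks in the post is a DESKeySpec built from raw bytes.
        SecretKey desKey = SecretKeyFactory.getInstance("DES")
                .generateSecret(new DESKeySpec(raw));
        byte[] viaFactory = desKey.getEncoded();

        System.out.println("raw key bytes    : " + hex(raw));
        System.out.println("DES factory bytes: " + hex(viaFactory));
        System.out.println("factory changed the key: " + !Arrays.equals(raw, viaFactory));

        // HMAC keyed with the factory's encoding versus the raw shared secret.
        System.out.println("HMAC(factory key): " + hex(hmac(viaFactory, msg)));
        System.out.println("HMAC(raw key)    : " + hex(hmac(raw, msg)));
    }
}
```

If the "DES factory bytes" line differs between the two runtimes while "HMAC(raw key)" matches, keying the MAC through `SecretKeySpec` on both client and server removes the dependency on the DES key factory.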