AES-GCM (Android API Level <= 19)
Stay organized with collections
Save and categorize content based on your preferences.
- Affected Versions
- Tink Android, All Versions
- Affected Key Types
- AES-GCM
Description
On Android KitKat (API level 19) without Google Play Services
, AES-GCM
does not work properly. This is because KitKat uses Bouncy Castle 1.48 which
does not support updateAAD
.
If Google Play Services is present, AES-GCM
should work well.
If you want to support all Android versions without depending on Google Play
Services, use CHACHA20-POLY1305
, AES-EAX
, or AES-CTR-HMAC-AEAD
for your
AEAD.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License
, and code samples are licensed under the Apache 2.0 License
. For details, see the Google Developers Site Policies
. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-11-14 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-11-14 UTC."],[[["\u003cp\u003eAES-GCM encryption may not function correctly on Android KitKat (API level 19) devices without Google Play Services due to limitations in Bouncy Castle 1.48.\u003c/p\u003e\n"],["\u003cp\u003eIf Google Play Services is available on the device, AES-GCM encryption should operate as expected.\u003c/p\u003e\n"],["\u003cp\u003eTo ensure compatibility across all Android versions without relying on Google Play Services, it is recommended to utilize CHACHA20-POLY1305, AES-EAX, or AES-CTR-HMAC-AEAD for authenticated encryption.\u003c/p\u003e\n"],["\u003cp\u003eThis issue impacts all versions of Tink for Android and specifically affects the AES-GCM key type.\u003c/p\u003e\n"]]],["Android KitKat without Google Play Services has a known issue where AES-GCM encryption does not function correctly due to an outdated Bouncy Castle version lacking `updateAAD` support. If Google Play Services is available, AES-GCM functions as expected. For universal Android support without Play Services dependency, utilize CHACHA20-POLY1305, AES-EAX, or AES-CTR-HMAC-AEAD instead of AES-GCM. This affects all versions of Tink Android.\n"],null,["# AES-GCM (Android API Level <= 19)\n\nAffected Versions\n: Tink Android, All Versions\n\nAffected Key Types\n: AES-GCM\n\nDescription\n-----------\n\nOn Android KitKat (API level 19) without [Google Play Services](https://developers.google.com/android/guides/overview), `AES-GCM`\ndoes not work properly. This is because KitKat uses Bouncy Castle 1.48 which\ndoes not support `updateAAD`.\n\nIf Google Play Services is present, `AES-GCM` should work well.\n\nIf you want to support all Android versions without depending on Google Play\nServices, use `CHACHA20-POLY1305`, `AES-EAX`, or `AES-CTR-HMAC-AEAD` for your\nAEAD."]]
