
Why doesn't the Java client library for Google Cloud Key Management Service support Android?


It is documented as not supporting Android. Why? Is it just because Android's BouncyCastle's implementation is shrunk down on features and doesn't support things like KeyPairGenerator/ECDSA (Elliptic Curve Digital Signature Algorithm)?
(Here's another link on that.)


Wouldn't it be enough to just use SpongyCastle instead? Is it just because Google doesn't support SpongyCastle that its KMS Java client doesn't support Android?


1 solution

#1


1  

https://github.com/GoogleCloudPlatform/google-cloud-java/issues/1696#issuecomment-284464059 is the most authoritative explanation I can find. Quoting garrettjonesgoogle:


We have not done any specific work to make google-cloud-java compatible with Android, and there are a number of known issues (as you have discovered). First-class Android support will come at a later date.


Our currently-recommended way is to have your own server (e.g. on App Engine) that makes the calls to GCP, and your own Android app makes calls to your server. The reason is that google-cloud-java only has support for 2LO auth (service-account-based), not 3LO auth (user-account-based). If you make calls from your android app with 2LO auth, it's theoretically possible for someone to steal your service credentials from your app and use them in their own app. This isn't a problem with 3LO, though.


