Solution to HMAC.SHA256 FIPS jar?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Solution to HMAC.SHA256 FIPS jar?

David Templar-2

I have now been able to import the original bc-fips-1.0.2.jar
(unmodified and with original signatures) into an Android App and get it
to work.

The solution is to open the fully built release .apk file (could use
winrar etc.) go into META-INF folder of the .apk (one does not even get
access to the .jar or its classes at this point amd no DEX file is
changed). There you will see a HMAC.SHA256 fileĀ  - change the value to
what your app's checksum is. Then just sign the Android APK and install.

All works!

Yes I know all the normal small print applies - app is not NIST
compliant, I have no intention of stating it is etc.

Can someone tell me if the above process actually does create an app
that uses a 100% clean BCFIPS during the entire Android App lifecycle?

Kind regards,

David Templar