Installing an Alternate SSL Provider on Android
The Android platform quickly has become one of the most popular mobile operating systems for both developers and end users. As such, security is a high priority, but so is the sometimes-conflicting goal of minimizing resource usage. By default, the Android platform uses OpenSSL to provide Java developers with SSL functionality, but by using CyaSSL instead, developers gain a smaller footprint as well as a faster SSL implementation.
The intent of this article is to provide insight and instruction on how to install an alternative SSL provider on the Android platform, specifically using CyaSSL as an example. After doing so, developers will have the option of using CyaSSL for SSL functionality and will gain the advantages in size and speed that an embedded SSL library offers. Users interested in replacing other pre-installed libraries on Android or developers porting C libraries over from other systems to Android also may find this information useful as a recipe for their own development efforts.
TLS (Transport Layer Security) and its predecessor SSL (Secure Socket Layer) are cryptographic protocols that provide security for communications over networks. Originally created by Netscape, these protocols allow client/server applications to create an encrypted link and ensure that all traffic being sent and received is both private and secure.
TLS and SSL provide this secure layer through the use of public/private key encryption, symmetric encryption, hashing and trusted certificates. A message (the pre-master secret for SSL/TLS) encrypted with a public key can be decrypted only using the associated private key. The public key is usually publicly available, allowing anyone with this key to encrypt a message. Only the owner of that public key may decrypt the message once encrypted with the associated private key. There are multiple cipher suites that may be used by TLS and SSL to create a secure socket.
The Java platform contains a set of security APIs (public key infrastructure, authentication, secure communication and access control), all of which are only interfaces defining a “contract” for provider implementations to meet. This gives Java programmers the ability to use a single API while allowing any desired implementation to be plugged in underneath.
Under this architecture, multiple providers for a service may be installed side by side. In the case of having multiple providers for a service, each provider is given an order of priority in which it should be used by the Java platform. By default, Java will use higher-priority providers first if they offer the desired functionality.
The javax.net.ssl Java API package is responsible for supplying SSL functionality to the Java platform. The diagram in Figure 1 gives a general overview of how SSL providers—or more generally, providers—are organized within the Java platform. Because Android is based heavily on the Java framework and supports this provider design, we are able to install CyaSSL as an SSL provider for Android.
Java security providers are listed and prioritized in a file named java.security on OS X and Linux, or java.properties on the Android platform. On Android, this file is located at /libcore/security/src/main/java/java/security/security.properties. This file is the primary configuration file for Java providers and will be key in the CyaSSL installation process.
First, you need to set up the local build environment to accommodate for the Android build system as well as download the Android platform source code.
To build the Android source files, you should have either Linux or OS X installed on your development machine. At the time of this writing, Windows is not currently supported. Further, the most current version of OS X, Snow Leopard, is not supported due to incompatibilities with Java 6. The remainder of this article assumes that the operating system of choice is 32-bit Linux. Because of the speed at which the Android platform evolves, check the Android Developer Web site for the most current host operating system support.
Instructions for setting up your local work environment for Android development as well as instructions for getting the Android source code can be found in the Android documentation titled “Get Android Source Code”, located on the Android Developer Web site. Before continuing, make sure you are able to build the Android platform as is without modifications by following the steps outlined on-line.
Working with and contributing to the Android platform is done through the use of Git and Repo. In Android, Git is used for local operations, such as local branching, commits, diffs and edits. Repo, on the other hand, is a tool built by Google on top of Git. According to Google, “Repo helps manage the many Git repositories, does the uploads to the revision control system, and automates parts of the Android development workflow. Repo is not meant to replace Git, only to make it easier to work with Git in the context of Android.”
|Free Today: September Issue of Linux Journal (Retail value: $5.99)||Sep 27, 2016|
|nginx||Sep 27, 2016|
|Epiq Solutions' Sidekiq M.2||Sep 26, 2016|
|Nativ Disc||Sep 23, 2016|
|Android Browser Security--What You Haven't Been Told||Sep 22, 2016|
|The Many Paths to a Solution||Sep 21, 2016|
- Free Today: September Issue of Linux Journal (Retail value: $5.99)
- Android Browser Security--What You Haven't Been Told
- Readers' Choice Awards 2013
- Epiq Solutions' Sidekiq M.2
- The Many Paths to a Solution
- Nativ Disc
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Synopsys' Coverity
- Tech Tip: Really Simple HTTP Server with Python
Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.Get the Guide