AES-GCM (Android API Level <= 19)
- Affected Versions
- Tink Android, All Versions
- Affected Key Types
- AES-GCM
Description
On Android KitKat (API level 19) without Google Play Services, AES-GCM
does not work properly. This is because KitKat uses Bouncy Castle 1.48 which
does not support updateAAD.
If Google Play Services is present, AES-GCM should work well.
If you want to support all Android versions without depending on Google Play
Services, use CHACHA20-POLY1305, AES-EAX, or AES-CTR-HMAC-AEAD for your
AEAD.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-11-14 UTC.
[null,null,["Last updated 2024-11-14 UTC."],[[["AES-GCM encryption may not function correctly on Android KitKat (API level 19) devices without Google Play Services due to limitations in Bouncy Castle 1.48."],["If Google Play Services is available on the device, AES-GCM encryption should operate as expected."],["To ensure compatibility across all Android versions without relying on Google Play Services, it is recommended to utilize CHACHA20-POLY1305, AES-EAX, or AES-CTR-HMAC-AEAD for authenticated encryption."],["This issue impacts all versions of Tink for Android and specifically affects the AES-GCM key type."]]],["Android KitKat without Google Play Services has a known issue where AES-GCM encryption does not function correctly due to an outdated Bouncy Castle version lacking `updateAAD` support. If Google Play Services is available, AES-GCM functions as expected. For universal Android support without Play Services dependency, utilize CHACHA20-POLY1305, AES-EAX, or AES-CTR-HMAC-AEAD instead of AES-GCM. This affects all versions of Tink Android.\n"]]
