Why doesn't Google Cloud Key Management Service's Java client library support Android?

It is documented as not supporting Android. Why? Is it just because Android's BouncyCastle's implementation is shrunk down on features and doesn't support things like KeyPairGenerator/ECDSA (Elliptic Curve Digital Signature Algorithm)?

Wouldn't simply using SpongyCastle be enough? Is it just that, because Google doesn't support SpongyCastle, its KMS Java client doesn't support Android?

https://github.com/GoogleCloudPlatform/google-cloud-java/issues/1696#issuecomment-284464059 is the most authoritative explanation I could find. Quoting garrettjonesgoogle:

We have not done any specific work to make google-cloud-java compatible with Android, and there are a number of known issues (as you have discovered). First-class Android support will come at a later date.

Our currently-recommended way is to have your own server (e.g. on App Engine) that makes the calls to GCP, and your own Android app makes calls to your server. The reason is that google-cloud-java only has support for 2LO auth (service-account-based), not 3LO auth (user-account-based). If you make calls from your android app with 2LO auth, it's theoretically possible for someone to steal your service credentials from your app and use them in their own app. This isn't a problem with 3LO, though.
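A sketch of the server-side arrangement the quoted comment recommends, as an added example that is not part of the original answer or of Google's code: the backend alone holds the service-account (2LO) credentials and exposes one narrow, per-user-authenticated operation to the app. The class name, the `/encrypt` endpoint, the key path and the in-memory session map are assumptions made for illustration; it needs the `google-cloud-kms` dependency and Java 11 or later.

```java
import com.google.cloud.kms.v1.CryptoKeyName;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.protobuf.ByteString;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Map;

public class KmsProxy {
  // Placeholder key path: the server, not the app, decides which key is used.
  static final String KEY = CryptoKeyName.of("my-project", "global", "my-ring", "my-key").toString();
  // Constructed stand-in for the backend's own per-user session store.
  static final Map<String, String> SESSIONS = Map.of("sample-session-token", "user-123");
  static final int MAX_BODY = 64 * 1024; // defensive cap on request size

  public static void main(String[] args) throws IOException {
    // create() loads the service account from the server environment; it never ships in the APK.
    KeyManagementServiceClient kms = KeyManagementServiceClient.create();
    HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0); // TLS assumed in front
    server.createContext("/encrypt", ex -> handle(ex, kms));
    server.start();
  }

  static void handle(HttpExchange ex, KeyManagementServiceClient kms) throws IOException {
    try {
      if (!"POST".equals(ex.getRequestMethod())) { reply(ex, 405, new byte[0]); return; }
      String auth = ex.getRequestHeaders().getFirst("Authorization");
      String token = (auth != null && auth.startsWith("Bearer ")) ? auth.substring(7) : "";
      if (!SESSIONS.containsKey(token)) { reply(ex, 401, new byte[0]); return; }
      byte[] body = ex.getRequestBody().readNBytes(MAX_BODY + 1);
      if (body.length > MAX_BODY) { reply(ex, 413, new byte[0]); return; }
      // The client supplies only plaintext; it cannot choose the key or the KMS operation.
      byte[] ct = kms.encrypt(KEY, ByteString.copyFrom(body)).getCiphertext().toByteArray();
      reply(ex, 200, ct);
    } catch (RuntimeException e) {
      reply(ex, 502, new byte[0]); // KMS failure: return no detail to the client
    } finally {
      ex.close();
    }
  }

  static void reply(HttpExchange ex, int status, byte[] body) throws IOException {
    ex.sendResponseHeaders(status, body.length == 0 ? -1 : body.length);
    if (body.length > 0) ex.getResponseBody().write(body);
  }
}
```

A session token extracted from one copy of the app exposes only that user's access to this single endpoint and can be revoked server-side, whereas a service-account key embedded in the app would expose whatever that account is allowed to do.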