{"id":16101449,"url":"https://github.com/mendhak/conscrypt-provider","last_synced_at":"2025-03-18T07:31:29.432Z","repository":{"id":141194516,"uuid":"505541353","full_name":"mendhak/Conscrypt-Provider","owner":"mendhak","description":"Conscrypt Provider app, which can be included from other applications (WIP)","archived":false,"fork":false,"pushed_at":"2022-11-08T18:37:51.000Z","size":117,"stargazers_count":14,"open_issues_count":1,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-28T08:17:11.354Z","etag":null,"topics":["android","f-droid","fdroid","java","tls13"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mendhak.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-20T17:44:42.000Z","updated_at":"2025-02-23T22:42:53.000Z","dependencies_parsed_at":null,"dependency_job_id":"dfcadef3-db8d-42f2-9c0e-7d29db315bf4","html_url":"https://github.com/mendhak/Conscrypt-Provider","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendhak%2FConscrypt-Provider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendhak%2FConscrypt-Provider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendhak%2FConscrypt-Provider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mendhak%2FConscrypt-Provider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mendhak","download_url":"https://codeload.github.com/mendhak/Conscrypt-Provider/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243910814,"owners_count":20367545,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","f-droid","fdroid","java","tls13"],"created_at":"2024-10-09T18:49:57.795Z","updated_at":"2025-03-18T07:31:29.427Z","avatar_url":"https://github.com/mendhak.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"Conscrypt Provider is an APK which can provide the Conscrypt Library to apps that support older Android devices. \nThe [Conscrypt Library](https://github.com/google/conscrypt) provides modern TLS capabilities and ciphers, including TLS 1.3.   \nI have wrapped it in a standalone APK because not all users will need it, and because the library is quite large.\n\nUsers will need to install the APK, and app developers will need to add code to their apps to make use of this provider. \n\n## Instructions for users\n\nDownload the app from [F-Droid](https://f-droid.org/packages/com.mendhak.conscryptprovider/) or go to the [releases](https://github.com/mendhak/Conscrypt-Provider/releases).  Download the `.apk` file and install it. \n\n(Optional) It's always a good idea to verify downloads (the method below only works with apk from the release section). First get my PGP public key\n\n    gpg --recv-key 6989CF77490369CFFDCBCD8995E7D75C76CBE9A9\n\nYou can verify the APK signature using:\n\n    gpg --verify ~/Downloads/conscrypt-provider-1.apk.asc\n\nYou can verify the APK checksum using:\n\n    sha256sum -c ~/Downloads/conscrypt-provider-1.apk.SHA256\n\n## Instructions for developers\n\nIn the app startup code, you can look for the APK being installed, and if it is, include it.   \n\nFirst, get your helper methods ready\n\n```java\npublic static String getPackageSignature(String targetPackage, Context context) throws PackageManager.NameNotFoundException, CertificateException, NoSuchAlgorithmException {\n    Signature sig = context.getPackageManager().getPackageInfo(targetPackage, PackageManager.GET_SIGNATURES).signatures[0];\n    CertificateFactory cf = CertificateFactory.getInstance(\"X.509\");\n    X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(sig.toByteArray()));\n    String hexString = null;\n    MessageDigest md = MessageDigest.getInstance(\"SHA1\");\n    byte[] publicKey = md.digest(cert.getEncoded());\n    hexString = byte2HexFormatted(publicKey);\n    return hexString;\n}\n\nstatic String byte2HexFormatted(byte[] arr) {\n    StringBuilder str = new StringBuilder(arr.length * 2);\n    for (int i = 0; i \u003c arr.length; i++) {\n        String h = Integer.toHexString(arr[i]);\n        int l = h.length();\n        if (l == 1) h = \"0\" + h;\n        if (l \u003e 2) h = h.substring(l - 2, l);\n        str.append(h.toUpperCase());\n        if (i \u003c (arr.length - 1)) str.append(':');\n    }\n    return str.toString();\n}\n```\n\nThen early in the application lifecycle, do this: \n\n```java\n// You should probably check if com.mendhak.conscryptprovider is installed first. \n// https://stackoverflow.com/q/6758841/974369\n// Then:\ntry {\n    //Get signature to compare - either Github or F-Droid versions\n    //~/Android/Sdk/build-tools/33.0.0/apksigner verify --print-certs -v ~/Downloads/com.mendhak.conscryptprovider_3.apk\n    String signature = getPackageSignature(\"com.mendhak.conscryptprovider\", context);\n    if (\n            signature.equalsIgnoreCase(\"C7:90:8D:17:33:76:1D:F3:CD:EB:56:67:16:C8:00:B5:AF:C5:57:DB\")\n            || signature.equalsIgnoreCase(\"9D:E1:4D:DA:20:F0:5A:58:01:BE:23:CC:53:34:14:11:48:76:B7:5E\")\n    ) {\n        signatureMatch = true;\n    }\n    else {\n        Log.e(\"com.mendhak.conscryptprovider found, but with an invalid signature. Ignoring.\");\n        return;\n    }\n\n    //https://gist.github.com/ByteHamster/f488f9993eeb6679c2b5f0180615d518\n    Context targetContext = context.createPackageContext(\"com.mendhak.conscryptprovider\",\n            Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY);\n    ClassLoader classLoader = targetContext.getClassLoader();\n    Class installClass = classLoader.loadClass(\"com.mendhak.conscryptprovider.ConscryptProvider\");\n    Method installMethod = installClass.getMethod(\"install\", new Class[]{});\n    installMethod.invoke(null);\n    installed = true;\n    Log.i(\"Conscrypt Provider installed\");\n} catch (Exception e) {\n    Log.e(\"Could not install Conscrypt Provider\", e);\n}\n\n```\n\nOf course within the app, you'll also need to provide instructions for users to install the APK.\n\n## Motivation\n\nI want to provide TLS 1.3 to pre-Android-10 users in my app, without having to rely on closed source libraries.  \nThe simplest way to do this is to include the [Conscrypt library](https://github.com/google/conscrypt/). \n\nHowever, this library is massive, it adds about 5+MB to the APK size.  \nAnd it isn't needed for [Android 10+ users](https://developer.android.com/about/versions/10/features#tls-1.3).  \n\nThe next simplest way to deal with this situation is to make the Conscrypt provider a separate app, and reference it from my application. \n\nThis repository contains the code for the 'Conscrypt Provider'.  \nIt can probably be used by any application though.  \n\n\n## References\n\nI have made use of the [F-Droid blog post](https://f-droid.org/2020/05/29/android-updates-and-tls-connections.html) and an [associated gist](https://gist.github.com/ByteHamster/f488f9993eeb6679c2b5f0180615d518).\n\nThis isn't the best or perfect way to provide Conscrypt to applications, but it's _a_ way that works for me.  \n\nApp Icon by [Flaticon.com](https://www.flaticon.com/free-icon/tls-protocol_4896619?term=tls\u0026page=1\u0026position=2\u0026page=1\u0026position=2\u0026related_id=4896619\u0026origin=style)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmendhak%2Fconscrypt-provider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmendhak%2Fconscrypt-provider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmendhak%2Fconscrypt-provider/lists"}