mirrors/bisq
1
0
Fork 0
mirror of https://github.com/bisq-network/bisq.git synced 2024-11-19 09:52:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove bouncycastle:bcprov from *direct* dependencies

Browse Source 
We still depend on this jar *indirectly* via bouncycastle:bcpg,
which is used for PGP signature verification of Bisq Desktop updates.

This gets us closer to prospect of removing Bounce Castle dependency
entirely in the future.

Rationale for this direction:

* We are really only using Bouncy Castle for PGP sig verification
* Java's builtin cryptography got vastly better since 2000
* We should prefer boring and proven cryptography anyway
* Australian projects should be considered compromised,
  and Bouncy Castle is run by Australian non-profit organization
* Bouncy Castle is a heavy dependency totaling 3.6MB
This commit is contained in:
battleofwizards 2019-09-03 12:19:50 +02:00
parent e93a4efbc9
commit 1c580da5ed
No known key found for this signature in database
GPG Key ID: 58B1485148D203E1
2 changed files with 0 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
build.gradle
View File

@ -158,7 +158,6 @@ configure(project(':assets')) {
compile "com.google.guava:guava:$guavaVersion"
compile "org.slf4j:slf4j-api:$slf4jVersion"
compile "org.apache.commons:commons-lang3:$langVersion"
compile "org.bouncycastle:bcpg-jdk15on:$bcVersion"
}
}
@ -199,7 +198,6 @@ configure(project(':common')) {
exclude(module: 'protobuf-java')
}
compile "org.jetbrains:annotations:$jetbrainsAnnotationsVersion"
runtime "org.bouncycastle:bcprov-jdk15on:$bcVersion"
compile "org.bouncycastle:bcpg-jdk15on:$bcVersion"
compile "commons-io:commons-io:$ioVersion"
compile "org.apache.commons:commons-lang3:$langVersion"
@ -396,7 +394,6 @@ configure(project(':seednode')) {
dependencies {
compile project(':core')
runtime "org.bouncycastle:bcprov-jdk15on:$bcVersion"
compileOnly "org.projectlombok:lombok:$lombokVersion"
annotationProcessor "org.projectlombok:lombok:$lombokVersion"
testCompile "org.springframework:spring-test:$springVersion"

5
core/src/test/java/bisq/core/crypto/EncryptionTest.java
View File

@ -22,11 +22,8 @@ import bisq.common.crypto.KeyRing;
import bisq.common.crypto.KeyStorage;
import bisq.common.storage.FileUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.io.File;
@ -62,5 +59,3 @@ public class EncryptionTest {
}