Question: Why SpongyCastle (instead of Bouncy)?

[Sajjon]

I saw (in ECKeypair.java for example) that SpongyCastle is used instead of BouncyCastle

I found this Github issue by the author about Spongy being obsolete or not but most people voted for SC being wanted.

So I just thought it would be interesting to know which advantages of SpongyCastle was attractive to prefer chose it over BouncyCastle 😄

[gregscullard]

Hi, some time ago when we started work on the cryptography side of the SDK, we looked at many libraries and were a also conscious to ensure that keys generated from the Android+iOS wallets were fully compatible with those generated by the SDK and vice-versa. The Android wallet uses SpongyCastle so to avoid any inconsistencies it felt right to use the same in the Java SDK. Having tried other libraries such as LibSodium, compatibility wasn't consistent.

Hope this clarifies.
Greg

[jbuhacoff]

Hi, in case you need a more recent version of BouncyCastle in the SpongyCastle style, I made a tool called mybc for building your own customized BC library, so you don't need to wait for the next SpongyCastle release. There's a section in the README specifically about making a drop-in replacement for SpongyCastle. I'm using it in my Android app. Currently it's building BC version 1.62 for JDK 1.5 successfully. Links: mybc on GitHub and mybc on NPM. If it helps please star the repo!