legionofthebouncycastle
open source software, cryptography
legionofthebouncycastle's posts

Bouncy Castle Release 1.56 is now available.

This release concentrates on two areas. The first is the new API for DTLS/TLS and a JSSE provider. The second is that particular effort has been made on security and robustness. More validation code done as part of the FIPS project has been migrated into the code base, and we have also received feedback both from Google's Project Wycheproof and the Intel Security Team, which has allowed us to further improve the robustness of the APIs in general as well as fix some possible security issues. Support for RFC 7539 ChaCha20 and Poly1305 has also been added, and general support for SHA-3 in the PKIX APIs has been improved. A potential null pointer exception in the WNafUtil class has been removed, and issues with escaping exceptions in PGPUtil.getDecoderStream() have been addressed.

Full details of the release, including the CVE details and numbers for the 10 CVEs resolved in this release, can be found in the release notes at

https://www.bouncycastle.org/releasenotes.html

Please check the release notes to see whether any of the CVEs dealt with may affect your use of the APIs. If you are affected we strongly recommend upgrading.

For the actual release and other details go to our latest releases page:

https://www.bouncycastle.org/latest_releases.html

BC FIPS C# .NET module now available.

Thanks to sponsorship from WindTalker Security (http://www.windtalkersecurity.com/), we are able to announce the final certification and public release of the BC FIPS C# APIs. In addition to a range of FIPS algorithms such as those for encryption, key agreement, key transport, signature generation, message hashing, and the more recent SHA-3 and SHAKE algorithms, the APIs also include some of the more popular algorithms used in IETF standards and post-quantum algorithms for key exchange (New Hope) and signature creation (SPHINCS-256). For more details see:

https://www.bouncycastle.org/fips-csharp

Any questions, or problems, please let us know at feedback-crypto@bouncycastle.org

Beta of new Java TLS API and JSSE Provider now available.

Thanks to support received from the Linux Foundation's Core Infrastructure Initiative we now have a new TLS API which is capable of using the JCA/JCE as well as the BC light-weight API, and also a JSSE provider built on top of it.

Downloads are at https://downloads.bouncycastle.org/betas/ and the code is checked into https://github.com/bcgit/bc-java/tree/master/tls

We believe the TLS API is fairly spot on, but we are still working out all the requirements that the JSSE has on a provider, so feedback is most welcome.

Please send any feedback to feedback-crypto@bouncycastle.org

The day has finally arrived. BC FIPS Java 1.0.0 is now available. Many thanks to Tripwire, Inc and our other sponsors.

For the press release see:

http://www.businesswire.com/news/home/20161110005072/en/Tripwire-Sponsors-Bouncy-Castle%E2%80%99s-Federal-Information-Processing

For the code and other resources see:

https://www.bouncycastle.org/fips-java/

Bouncy Castle FIPS Java 1.0.0 is now certified.

The CMVP has assigned Cert. #2768 for the BC-FJA module. Details are on the CMVP website at:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2768

Bouncy Castle Java API Release 1.55 now available

This release sees further work on the post-quantum provider with the addition of the NewHope (March 2016 version) key exchange algorithm and the SPHINCS signature algorithm. The McEliece implementation has also been revised and now has a KeyFactory implementation as well. The DANE API has been updated to reflect the latest standard changes. SHA-3 support has been added for HMAC as well as for the DSA, ECDSA, DDSA, and ECDDSA signature algorithms. SHA-3 support has also been added for RSA signatures and OAEP encryption. Support has been added for the GOST R34.11-2012 message digest as well. The TSP API now supports millisecond resolution in time-stamps, and TLS supports RFC 7685 and ECDH_anon key exchange. The CMS password recipient generator now supports PRFs other than SHA-1 as well. In terms of bug fixes: issues with cloning of BLAKE digests, an occasional error in the Poly1305 calculator, UserNotice issues with empty sequences, and validation issues with time-stamp requests containing extensions have all been fixed. CRMF now recognises when non-default OAEP parameters are used, and issues around the encoding of parameters for ECIES/IES have also been addressed.
Further details on other additions and bug fixes can be found in the release notes file accompanying the release or at https://www.bouncycastle.org/releasenotes.html
For more details go to our latest releases page:
https://www.bouncycastle.org/latest_releases.html

As always we are grateful to the people and organisations who have contributed/donated to the project, and you can find the updated list at https://www.bouncycastle.org/contributors.html We would also like to thank holders of Crypto Workshop support contracts: once again we were able to contribute additional time back to this release through leftover consulting time provided as part of the support agreements.

BC C# FIPS API now under NIST review.

We are pleased to be able to announce that Windtalker Security (http://windtalkersecurity.com) has sponsored a FIPS-certifiable version of our C# APIs for .NET.

The user guide describing the APIs and the algorithm set can be found at:

https://www.bouncycastle.org/csharp/fips/BCCSharpUserGuide.pdf

The draft security policy is also available and can be found at:
https://www.bouncycastle.org/csharp/fips/BCCSharpSecurityPolicy.pdf

The APIs are under NIST review and are now available for early access.

Please contact us at office@bouncycastle.org for details about the early access program or any other questions.

BC FIPS Java module submitted to CMVP.

We have gotten to the end of lab testing and evaluation, and we think everything is now in good enough shape for the CMVP at NIST to have a look at it. The module has been submitted for the security level FIPS 140-2 Level 1, and will initially be certified for JDK 1.7 and JDK 1.8. The module runs back to JDK 1.5.

The latest security policy and user guide for the module are available at:
FIPS User Guide: https://www.bouncycastle.org/fips/BCUserGuide.pdf
FIPS Security Policy: https://www.bouncycastle.org/fips/BCSecurityPolicy.pdf

CAVP algorithm certifications for the module (which now include SHA-3) can be found at:
http://csrc.nist.gov/groups/STM/cavp/validation.html

Bouncy Castle Java API 1.54 is now available.

This is primarily a security release concerning (D)TLS 1.2. Motivated by CVE-2015-7575, we have added validation that the signature algorithm received in DigitallySigned structures is actually one of those offered (in the signature_algorithms extension or CertificateRequest). With our default TLS configuration, we do not believe there is an exploitable vulnerability in any earlier releases. Users that are customizing the signature_algorithms extension, or running a server supporting client authentication, are advised to double-check that they are not offering any signature algorithms involving MD5.
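As an added illustration of the check described above (example code, not Bouncy Castle's own implementation), the following Python parses the RFC 5246 signature_algorithms wire format, confirms that the algorithm announced in a DigitallySigned structure is one that was actually offered, and flags any offered algorithm that uses MD5; the extension bytes in the main block are a constructed sample.

```python
# Added example, not Bouncy Castle code: models the 1.54 check that the
# algorithm in a DigitallySigned structure was actually offered, and the
# "no MD5 offered" audit the post recommends. Layout follows RFC 5246 7.4.1.4.1.
import struct

# RFC 5246 HashAlgorithm and SignatureAlgorithm identifiers (one byte each)
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
MD5 = 1


def parse_signature_algorithms(ext):
    """Parse supported_signature_algorithms: a 2-byte length followed by
    (hash, signature) byte pairs. Returns the offered pairs in order."""
    if len(ext) < 2:
        raise ValueError("truncated signature_algorithms extension")
    (length,) = struct.unpack("!H", ext[:2])
    body = ext[2:]
    if length != len(body) or length % 2:
        raise ValueError("bad signature_algorithms length")
    return [(body[i], body[i + 1]) for i in range(0, length, 2)]


def describe(alg):
    """Human-readable name such as 'sha256+rsa' for a (hash, sig) pair."""
    h, s = alg
    return "%s+%s" % (HASH_NAMES.get(h, "hash%d" % h), SIG_NAMES.get(s, "sig%d" % s))


def offered_md5(offered):
    """Offered algorithms that use MD5: the configuration the post says to avoid."""
    return [a for a in offered if a[0] == MD5]


def check_digitally_signed(received, offered):
    """The validation added in 1.54: the (hash, sig) pair the peer put in a
    DigitallySigned structure must be one this side offered; otherwise the peer
    could steer the handshake signature onto a weaker hash than we intended."""
    return tuple(received) in offered


if __name__ == "__main__":
    # Constructed sample extension: sha256+rsa, sha256+ecdsa, sha1+rsa
    sample = struct.pack("!H", 6) + bytes([4, 1, 4, 3, 2, 1])
    offered = parse_signature_algorithms(sample)
    print([describe(a) for a in offered], check_digitally_signed((1, 1), offered))
```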
In terms of new features, the CMS API now supports the PKCS#7 ANY type for encapsulated content; RFC 3370, Camellia, and SEED are now supported for key agreement in CMS; and CTR/SIC modes now provide an explicit internal counter if initialized with a short IV. TLS/DTLS now includes a non-blocking API. The Blake2b digests are now actually supported in the provider (sorry, it got missed in 1.53...), and ClassCastException issues with Cipher.getOutputSize() for IES ciphers have been fixed. Finally, in accordance with advice from the algorithm's authors, Serpent has been modified to conform to the NESSIE vector suite; the previous version of Serpent, which conforms to the NIST submission format, is now called Tnepres.
Further details on other additions and bug fixes can be found in the release notes file accompanying the release or at http://www.bouncycastle.org/releasenotes.html

For more details go to our latest releases page:

http://www.bouncycastle.org/latest_releases.html

As always we are grateful to the people and organisations who have contributed/donated to the project, and you can find the updated list at http://www.bouncycastle.org/contributors.html We would also like to thank holders of Crypto Workshop support contracts: once again we were able to contribute additional time back to this release through leftover consulting time provided as part of the support agreements.

This release also features some work that arose out of our on-going FIPS certification project, most particularly from work supported by our primary sponsor Tripwire, Inc ( http://www.tripwire.com ). Thanks must go to Tripwire as well.

Speaking of FIPS, algorithm testing is complete and we're in code review. If you are interested in the project, the draft User Guide for the APIs is now available at https://www.bouncycastle.org/fips/UserGuide-20151229.pdf. Please contact us at office@bouncycastle.org if you are interested in joining the early access program for the FIPS APIs.

If you are interested in helping support the Bouncy Castle project through donation, you can find the details on how to donate via PayPal or Bitcoin at:

https://www.bouncycastle.org/donate

If you prefer to use direct bank transfer, please feel free to discuss it with us by contacting us at office@bouncycastle.org and we'll be happy to help. The Legion of the Bouncy Castle Inc is a registered Australian charity based in the State of Victoria, Australia.

If you wish to sponsor specific work on Bouncy Castle or get a commercial support contract for the APIs, please contact us at Crypto Workshop (http://www.cryptoworkshop.com).

Finally, for users of the maven repositories, 1.54 is also now available on Maven Central both for regular BC users and Android users making use of the Spongy Castle distribution (thanks to Roberto Tyley for the prompt attention). The GitHub repositories for both projects have been updated as well.

Oh, and Happy New Year from all of us at BC!

Bouncy Castle C# API 1.8.1 now available

This release is largely a security release, with extra validation now added to the (D)TLS 1.2 implementation to validate the signature algorithm in DigitallySigned structures. The release also fixes issues with DTLS record-layer version handling and adds support for ASN.1 GraphicString and VideotexString.

Please go to http://www.bouncycastle.org/csharp/ for further details.