open source software, cryptography


Java Release 1.59 is now available for download.

Further work has been done on improving the BCJSSE provider and the vulnerability described in CVE-2017-13098 has been fixed. Most PQC algorithms can now have their keys stored in BC key stores, the algorithms GOST3412-2015 and Blake2s have been added, support has been added for Unified Cofactor EC Diffie-Hellman, and signature algorithm support has been added for SHA-3. A number of other enhancements and bug fixes have also been made.

For more details go to:

BC FJA 1.0.1 now available!

BC FJA 1.0.1 is now being submitted. To mark the occasion we have made it and its associated libraries available for early access at

More later!
Bouncy Castle Java Release 1.58 is now available.

This release features considerable work on improving the TLS API and the BCJSSE. Support for ECGOST3410-2012 has been added for both signing and key agreement/exchange. The DSTU-7564 digest and DSTU-7624 cipher have also been added. Support for XMSS and XMSS^MT has been added to the BCPQC provider. API support for SM2 and ANSSI curves has been improved, and a stack overflow error that could occur in conjunction with the BC DEFAULT SecureRandom on startup has been fixed.

We gratefully acknowledge the support of Micro Focus in funding the additional TLS/BCJSSE work.

For more details go to our latest releases page to download the new version from:

BC FIPS Java release 1.0.1 submitted for lab testing.
Bouncy Castle Java Release 1.57 is now available.

This release features a new API for client side EST (RFC 7030) requests, as well as additional work on the TLS API to further complete the BCJSSE provider. The JCE and lightweight API now include the ARIA cipher. The SM2 algorithm (signatures, key exchange, and public key encryption) and the XMSS signature algorithm have been added to the lightweight API. An edge condition in GOFB mode has been fixed, and PSS signature support now handles non-default length salts in the CMS API. A number of other issues around OpenPGP, the JCE provider, and X.509 extensions have also been fixed.

For more details go to our latest releases page at:

We gratefully acknowledge CISCO and PrimeKey in supporting the development of the EST API.
Bouncy Castle Release 1.56 is now available.

This release concentrates on 2 areas. The first is the new API for DTLS/TLS and a JSSE provider. The second is that particular effort has been made on security and robustness. More validation code done as part of the FIPS project has been migrated into the code base and we have also received feedback both from Google's Project Wycheproof and the Intel Security Team which has allowed us to further improve the robustness of the APIs in general as well as fix some possible security issues. Support for RFC 7539 ChaCha20 and Poly1305 has also been added and general support for SHA-3 in the PKIX APIs has been improved. A potential null pointer exception in the WNafUtil class has been removed and issues with escaping exceptions in PGPUtil.getDecoderStream() have been addressed.

Full details of the release, including the CVE details and numbers for the 10 CVEs resolved in this release, can be found in the release notes at

Please check the release notes to check whether any of the CVEs dealt with may affect your use of the APIs. If you are affected we strongly recommend upgrading.

For the actual release and other details go to our latest releases page:
BC FIPS C# .NET module now available.

Thanks to sponsorship from WindTalker Security (, we are able to announce the final certification and public release of the BC FIPS C# APIs. In addition to a range of FIPS algorithms such as those for encryption, key agreement, key transport, signature generation, message hashing, and the more recent SHA-3 and SHAKE algorithms, the APIs also include some of the more popular algorithms used in IETF standards and post-quantum algorithms for key exchange (New Hope) and signature creation (SPHINCS-256). For more details see:

Any questions, or problems, please let us know at

Beta of new Java TLS API and JSSE Provider now available.

Thanks to support received from the Linux Foundation's Core
Infrastructure Initiative we now have a new TLS API which is capable of
using the JCA/JCE as well as the BC light-weight API and also a JSSE
provider built on top of it.

Downloads are at and the code
is checked into

We believe the TLS API is fairly spot on, but we are still working out
all the requirements that the JSSE has on a provider, so feedback is
most welcome.

Please send any feedback to