Java FIPS Roadmap

Current FIPS Overview

The BC FIPS Java Description contains a broad overview of the motivations and design of the BC FIPS Java module.

As of BC Java 1.54, from a JCA/JCE point of view the module is largely a drop-in replacement and can be used with the other BC APIs for certificate generation, CMS, TSP, S/MIME, OpenPGP and other protocols. Owing to the requirements of FIPS, particularly with respect to boundary issues, the lightweight API is quite different; however, the ASN.1 packages and the EC math package are the same.

Releases

Name: bc-fips-1.0.0.jar

Status: Released 11 November, 2016.

The module is currently tested against the JRE 1.7 and the JRE 1.8. The module is source and byte code compatible back to JDK 1.5.

Patch Releases

Name: bc-fips-1.0.1.jar

Patch release of bc-fips-1.0.0 (bug fixes, some improvements)
 - Release Certified: 15th March 2018
 - Certificate Number: 3152
 - RELEASE NOTES: RELEASE_NOTES.md

1.0.1 is now available. 1.0.1 is certified against JRE 1.7 and JRE 1.8. It will run on JRE 1.5.

Name: bc-fips-1.0.2.jar

Patch release of bc-fips-1.0.1 (bug fixes, some improvements)
 - Release Certified: 23rd August 2019
 - Certificate Number: 3514
 - RELEASE NOTES: RELEASE_NOTES.md

1.0.2 is now available. 1.0.2 is certified against JRE 1.7, JRE 1.8, and JRE 1.11. It will run on JRE 1.5.

Name: bc-fips-1.0.2.1.jar

Patch release of bc-fips-1.0.2 (bug fixes, some improvements)
 - Release Certified: 18th April 2021
 - Certificate Number: 3514
 - RELEASE NOTES: RELEASE_NOTES.md

1.0.2.1 is now available. 1.0.2.1 is certified against JRE 1.7, JRE 1.8, and JRE 1.11. It will run on JRE 1.5.

Name: bc-fips-1.0.2.2.jar, bc-fips-1.0.2.3.jar

Patch release of bc-fips-1.0.2.1 (minor bug fixes, some performance and configuration improvements (1.0.2.3))
 - Release Certified: 8th February 2022
 - Certificate Number: 3514
 - RELEASE NOTES: RELEASE_NOTES.md

1.0.2.2/1.0.2.3 is now available. 1.0.2.2/1.0.2.3 is certified against JRE 1.7, JRE 1.8, and JRE 1.11. It will run on JRE 1.5.

Name: bc-fips-1.0.2.4.jar

Patch release to add Java 17 to BC-FJA 1.0.2.3 as an operational environment. Removes the risk of CVE-2022-45146 and also deals with the end of the transition periods for PKCS 1.5 RSA encryption and TDES encryption. Module is now certified with certificate #4616.

Planned Releases

2.0.0 Stream

Name: bc-fips-2.0.0.jar

BC-FJA 2.0.0 was submitted for certification under FIPS 140-3 on Feb 3rd, 2022. 2.0.0 is now available for early access. 2.0.0 will incorporate features from Java 11 and later. It will not support JVMs earlier than Java 1.8. BC-FJA 2.0.0 has now completed testing and is in the submission queue. 2.0.0 has been tested on Java 8, 11, 17, and 21.

Scheduled Additions for BC FIPS 2.0.0

Approved Mode Algorithms

SHA-3 HMAC*

KMAC, TupleHash, ParallelHash*

SP 800-38G: Methods for format preserving encryption (FF1 and FF3-1)*

Non-approved Mode Algorithms

LMS (RFC 8554)*

ChaCha20*, Poly1305*, ChaCha20-Poly1305*

HKDF*

GOST R 34.11-2012*

GOST R 34.10-2012 (256 and 512)*

Other

Support for PKIXRevocationChecker and the properties "ocsp.enable", "ocsp.responderURL" and "org.bouncycastle.x509.enableCRLDP".*

Extra configuration options for the HYBRID DRBG chain to provide better control on entropy demand by the module.*

* Now in early access release.

2.1.0 Stream

Name: bc-fips-2.1.0.jar

2.1.0 is now available for early access. 2.1.0 is compliant with FIPS 186-5 and includes a JNI layer for AES and SHA-256 acceleration. It will not support JVMs earlier than Java 1.8. As at April 9, 2023, BC-FJA 2.1.0 is about to commence testing.


1.0.0 Stream

Name: bc-fips-1.0.3.jar

Next release of bc-fips-1.0.2 (bug fixes, some improvements), which will also continue to extend the life of the 1.0.0 API past the initial 5 year archive date for the 1.0.0 certification. bc-fips-1.0.3 will be tested against Java 11, but will continue to support Java 1.8 and earlier JVMs. BC-FJA 1.0.3 will be done under FIPS 140-3.

Scheduled Additions for BC FIPS 1.0.3

Approved Mode Algorithms

KMAC, TupleHash, ParallelHash*

Other

See 2.0.0 list.