Latest Java Releases
Release 1.51 is now available for download.
This release includes bug fixes, security enhancements, and other improvements, as well as continuing our efforts to improve performance in the EC maths library with many of the SEC Fp curves now having custom implementations. AES Key Wrapping using RFC 5649 has been added, the OpenPGP API now provides full support for ECDH, and API support for dealing with PGP embedded signatures has been improved. There is now full support for client-auth validation in the D/TLS server code, and an encoding issue with D/TLS certificate requests has also been fixed. RC2/RC4 support in the the CMS API is now provider independent, GCM/GMAC now support tag lengths down to 32 bits, and KDFCounterBytesGenerator now supports suffix and prefix fixed input data as outlined in NIST SP 800-108. Support for BSI plain ECDSA, IVs for ECIES has also been added, and locale based date conversion has been added to the ASN.1 library. AEAD GCM AlgorithmParameters will now return a GCMParameterSpec object if the JVM supports it, PKCS#12 files containing keys/certificates with empty attribute sets attached no longer cause an exception and EC point formats are now strictly enforced in the TLS API. The lightweight stream ciphers and block cipher modes that have the capability to be used for streaming and random seeking have been extended to make it simpler to access the capability. Automatic EC point validation has been added, both for decoded inputs and multiplier outputs. Further details on other additions and bug fixes can be found in the release notes file accompanying the release.
Others have contributed to this release, both with code and/or financially. You can find them listed in the contributors file. We would also like to thank holders of Crypto Workshop support contracts as an additional 30 hours of time was contributed back to this release through left over consulting time provided as part of their support agreements. Thank you, one and all!
Note: this release has seen a further clean out of deprecated methods with the OpenPGP API being the main candidate. In association with the improvements to streaming and random seeking ciphers the return values on a couple of methods have also changed in the lightweight API, so we recommend compiling against this release before trying to use it.
One other note: if you're new to the new style of operator in OpenPGP and CMS and co, a brief document on how they are supposed to hang together is available on the BC wiki. If you think you are likely to do this a lot, you might also be interested in our guide project, which is now available as an initial draft. Please also see the porting guide for advice on porting to this release from much earlier ones (pre 1.46).
If you're interested in grabbing the lot in one hit (includes JCE, JCE provider, light weight API, J2ME, JDK1.2, JDK1.1, and JDK1.0 compatibility classes, signed jars, fries, and king prawns...) download crypto-151.tar.gz or crypto-151.zip, otherwise if you are only interested in one version in particular, see below.
Keeping the Bouncy Castle Project Going
With various algorithm changes, updates, security issues in protocols, and having to write vendor statements for organisations like CERT, keeping the Bouncy Castle project going is turning into a full time job and several of us have now given up permanent work in order to free up time to work on it. If you are making use of our software, and are interested in making sure we are always here when you need us, there are two principal ways you can help.
The first is by getting a support contract or by sponsoring specific work on the project. Not only will you get a hot-line to Bouncy Castle developers, consulting time, and release alerts if you need them, but, if you wish, we will also acknowledge your support publicly. You can find out further information on support contracts and consulting at Crypto Workshop.
Secondly, the Bouncy Castle APIs are now formally owned by a registered Australian Charity, the Legion of the Bouncy Castle Inc, ABN 84 166 338 567. Without considering the costs of actually doing what we do, we're also trying to raise money to allow us to get certifications such as FIPs for the APIs. We can accept donations via PayPal, Bitcoin, or direct transfer. If this sounds more like you, and you want to see this project continue to prosper, please visit our donations page to help. Thanks!
Signed JAR files
From release 1.40 some implementations of encryption algorithms were removed from the regular jar files at the request of a number of users. Jars with names of the form *-ext-* still include these (at the moment the list is: NTRU).
|Provider||Clean room JCE|
|JDK 1.5 - JDK 1.7||bcprov-jdk15on-151.jar
The following signed provider jars are provided so that you can make use of the debug information in them. In the case of the non-provider jars (bcpkix, bcpg, and bcmail), the jar files do not need to be signed to work. You can rebuild them with debug turned on, or operate directly from the source, if you need.
|Providers with debug|
|JDK 1.5 - JDK 1.7||bcprov-debug-jdk15on-151.jar||bcprov-ext-debug-jdk15on-151.jar|
Sources and JavaDoc
|JDK 1.5 - JDK 1.7||bcpkix-jdk15on-151.tar.gz||bcpkix-jdk15on-151.zip|
|JDK 1.5 - JDK 1.7||bcpg-jdk15on-151.tar.gz||bcpg-jdk15on-151.zip|
|JDK 1.5 - JDK 1.7||bcmail-jdk15on-151.tar.gz||bcmail-jdk15on-151.zip|
|JCE with provider and lightweight API||Lightweight API|
|JDK 1.5 - JDK 1.7||bcprov-jdk15on-151.tar.gz||bcprov-jdk15on-151.zip||lcrypto-jdk15on-151.tar.gz||lcrypto-jdk15on-151.zip|
|Releases no longer maintained|
You can find the release notes, documentation, and specifications here.
You can find checksums for confirming the integrity of the distributions here
Too slow? You can also find the latest versions on one of our mirrors:
The current working betas, when available, for the next release for JDK 1.3 to JDK 1.7 can be found at http://www.bouncycastle.org/betas. If you need a beta to be made available for another version of Java please ask by emailing email@example.com.
The BC jars are now mirrored on the Maven central repository. You can find them at http://repo2.maven.org/maven2/org/bouncycastle.
Just want to look at the source? The source code repository is now mirrored on GitHub and accessible from here. The repository can be cloned using either
git clone https://github.com/bcgit/bc-java.gitor git protocol
git clone git://github.com/bcgit/bc-java.git
Previous releases, as well as the latest ones, can be downloaded from our ftp server ftp.bouncycastle.org. Please note the FTP server does not support passive mode.