
Bouncy Castle for Java Documentation

Explore our Bouncy Castle for Java, Java FIPS and Java LTS documentation for concise guidance and examples.


Documentation

Find documentation, specifications, code examples and more to get started with Bouncy Castle for Java, Java FIPS and Java LTS.

API Documentation

Go directly to our API documentation for a complete specification of all classes, methods, and parameters.

Release notes

Find out detailed information about the latest release and search in older release notes.  

Specification & Interoperability

View the complete list of Certifications, supported Algorithms, Key Types, Message Digests and Expandable Output Functions, Post Quantum Algorithms, CRLs, OCSP, Certificate Distribution, Certificate Enrollment Protocols and more.

Test packages

Find our test packages on GitHub; they will help you quickly validate whether you are on the right track.

FIPS Roadmap

Details about our current plans and versions in progress for the Bouncy Castle Java FIPS APIs can be found on the Java FIPS Roadmap.

Release notes

Find out detailed information about the latest Bouncy Castle Java, Java FIPS, and Java LTS releases here: 

Release notes for Bouncy Castle Java

Release notes for Bouncy Castle Java FIPS

Release notes for Bouncy Castle Java LTS

Documentation

This is the documentation, specifications, code examples, and more for the Bouncy Castle Java, Java FIPS and LTS APIs.

Introduction

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms and cryptographic protocols that make use of the algorithms.

The package is organized so that it contains a low-level lightweight API suitable for use in any environment with additional infrastructure built on top of that to construct a provider conforming to the JCA framework.

Each distribution is built around a provider jar and includes extra jars for supporting X.509, PKIX, JavaMail, JakartaMail, OpenPGP, TLS, and MLS. 

Patents and Licensing

Except where otherwise stated, this software is distributed under LICENSE. The OpenPGP library and the MLS library both make use of additional open-source code; see Third Party Licenses.

Disclaimer: Currently, we have no knowledge of any patents that impact the Bouncy Castle APIs which require disclosure. Patent applicability does vary from country to country and users of the library are responsible for understanding the legal landscape in their own jurisdiction. 

That said, patent holders who wish to alert us to possible issues that may affect our user community are welcome to contact us via feedback-crypto@bouncycastle.org if they would like a disclosure notice included here.

Specifications and Interoperability 

The complete Specification and lists of Certifications, Supported Algorithms, Key Types, Message Digests and Expandable Output Functions, Post Quantum Algorithms, CRLs, OCSP, Certificate Distribution, Certificate Enrollment Protocols and more can be found here:

Specification & Interoperability 

Bouncy Castle Java Documentation 

Note: the Bouncy Castle Specifications can be found on the Specification and Interoperability page.

Important Notes 

  • In order to keep the size of the signed jar files down, the regression tests are no longer included in them. See the bctest*.jar file for the appropriate JDK.
  • The JCE classes are only distributed with the JDK 1.1, JDK 1.2, and JDK 1.3 JCE releases. The JDK 1.4-1.15 release just contains the provider and lightweight API. The JDK 1.0, J2ME, and the JDK 1.1 and later lightweight releases only include the Bouncy Castle lightweight cryptography API.
  • If you are using JDK 1.4, or later, you must use the signed jar for the provider and you must download the unrestricted policy files for the Sun JCE if you want the provider to work properly. The policy files can be found at the same place as the JDK download. Further information on this can be found in the Sun documentation on the JCE. If you have not installed the policy files you will see something like this:

    java.lang.SecurityException: Unsupported keysize or algorithm parameters
        at javax.crypto.Cipher.init(DashoA6275)

Javadoc per JDK version

Test Packages

While there are some example packages for the Bouncy Castle Java distribution, the best place to find examples of use for the different features available in the Bouncy Castle APIs is in the different test packages written to exercise those features.

To view some examples, look at the test programs in the packages on GitHub: 

There are also some specific example programs for dealing with Attribute Certificates, PKCS12, SMIME, and OpenPGP. They can be found on GitHub:

Finally, you can download some code examples from Beginning Cryptography with Java which demonstrate both the use of the JCE/JCA and some of the Bouncy Castle APIs such as for certificate generation, CMS, and S/MIME. Note: the book was written to cover J2SE 5.0; while many of the examples will work with earlier JDKs, some will not compile if you are not using J2SE 5.0 or later.

Unfortunately, some examples in the book are now out of date (for 1.46 and above). You can also find more up-to-date documentation and examples in Java Cryptography: Tools and Techniques. A copy of the source code for the examples in the book can be downloaded here: java-crypto-tools-src.zip.

To verify the packages, run the following Java programs with the appropriate classpath:

Bouncy Castle Java FIPS Documentation

Here you can find Bouncy Castle Java FIPS-specific documentation. If you can't find what you're looking for here, please see the general Bouncy Castle Java documentation above. 

Latest release

  • Security Policy: BC-FJA-SecurityPolicy-2.0.0.pdf
  • Known Issues: Download file: BC-FJA-KnownIssues-2.0.0.csv
  • User Guides: BC-FJA-UserGuide-2.0.0.pdf, BC-FJA-(D)TLSUserGuide-2.0.19.pdf

Test Packages

Find examples of how to use the different features in the Bouncy Castle APIs in the test packages. 

  • BC FIPS in 100 mini-book: BCFipsIn100.pdf
  • BC FIPS in 100 examples: Download: bc-fips-100-java.tar.gz or bc-fips-100-java.zip
  • Default DRBG provider built on FIPS module (src + sample jar): Download: bcdefdrbg-fips-1.0.1.zip

Bouncy Castle Java LTS Documentation

Here you can find Bouncy Castle Java LTS-specific documentation. If you can't find what you're looking for, please see the general Bouncy Castle Java documentation above. 

Furthermore, the LTS project extends its support beyond Java, offering acceleration for Intel and ARM architectures where the underlying operating system allows for it.

Related Resources

Training: PKI at the edge with Bouncy Castle

Learn how to use Bouncy Castle for generating certificates and certification requests, including for EJBCA. To make these tasks easier for system administrators, we will also look at Kotlin DSL as a scripting language.

Watch the training: Training - PKI at the Edge with Bouncy Castle and EJBCA

See the documentation: How-to guides and exercises - PKI at the Edge

Tutorials and Workshops on Youtube

Go to the playlist: Bouncy Castle Tutorials and Workshops

EJBCA

EJBCA is a fully functional Certificate Authority using J2EE technology. EJBCA builds on the J2EE platform to create a robust, high performance, platform independent, flexible, and component based CA to be used standalone or integrated in any J2EE app.

Novosec Extensions

Novosec Extensions provides the following pure Java extensions to the Bouncy Castle framework and has been made freely available by www.novosec.com:

  • OCSP (RFC 2560) server and client
  • CMP (RFC 2510, RFC 2511) generator and parser

JCE taglib

JCE taglib is a JSP tag library with cryptographic functions and X.509 certificate generation based on BouncyCastle JCE. There is also a refactoring of JCE taglib CryptoLib on the main JCE taglib project page. CryptoLib can also be used with non-JSP projects.

LightCrypto

LightCrypto is a library of cryptographic functions based on the lightweight API, including some functions for use with HSQLDB embeddable database.

Portecle

Portecle is a user-friendly GUI application for creating, managing, and examining key stores, keys, certificates, certificate requests, certificate revocation lists, and more.

Jasypt

Jasypt - Java Simplified Encryption is a Java library that allows the developer to add basic encryption capabilities to his/her projects with minimum effort. It offers transparent integration with Hibernate, an open API for use with any JCE provider, and is suitable for integration into Spring-based applications and ACEGI. Instructions on using it with Bouncy Castle can be found at: http://www.jasypt.org/bouncy-castle.html.

KeyTool IUI

KeyTool IUI is a free, user-friendly GUI application for creating and managing keys and keystores as an alternative to the JDK's KeyTool command.

French

Cryptographie avec Bouncy Castle
Nyal

This tutorial is a first introduction to using the Bouncy Castle library.

Utiliser PGP avec Java et Bouncy Castle
Graham Jenkins (French translation by Simon Depiets, proofreading of the French translation by Joëlle Cornavin).

English

Java Cryptography: Tools and Techniques
David Hook, Jon Eaves - Leanpub
 
Finished in 2022 and written by two founders of the Bouncy Castle project, as a successor to "Beginning Cryptography with Java", the book covers the recent features introduced in the JCA/JCE as well as the latest changes to the BC APIs and the BCFIPS Java module, including the recent introduction of Post-Quantum algorithms to the BC APIs. Coverage of certificate generation, CMS, S/MIME, OpenPGP, and the TLS APIs is also included. Also available as a Paperback Edition and a Kindle Tablet Edition.

A copy of the source code for the examples in the book can be downloaded here: java-crypto-tools-src.zip.

Beginning Cryptography with Java
David Hook - Wrox
 
Written by a Bouncy Castle APIs committer, the book covers recent features introduced in the JCA/JCE cryptography APIs in JDK 1.5 and is up to date with the cryptography APIs in J2SE 5.0, including Elliptic Curve cryptography, as well as dealing with earlier versions of the JCE/JCA in earlier JDKs. The book also deals with provider installation, X.509 certificate generation, CRL generation, and the creation and processing of PKCS #10 certification requests using the JCA and the Bouncy Castle APIs. In addition, it covers certificate validation and certificate path processing with both CRLs and OCSP. Finally, it also covers using PKCS #12, processing CMS and S/MIME messages using the BC APIs, SSL using the JSSE, and gives an introduction to using the Bouncy Castle ASN.1 library.

The book also has some online resources including a forum and code examples to be downloaded: beg_crypto_examples.zip. While the code examples are probably still useful, this book is now somewhat dated and we would recommend Java Cryptography: Tools and Techniques instead.

Java Cryptography Extensions: Practical Guide for Programmers
Jason Weiss - Morgan Kaufmann
 
Covers the JCE and some parts of the JCA as seen in JDK 1.4.

Wireless Java: Developing with Java 2, Micro Edition
Jonathan Knudsen - Apress
 
Includes a section on developing with the Bouncy Castle Lightweight APIs.

J2EE Security for Servlets, EJBs, and Web Services
Pankaj Kumar - Prentice Hall PTR
 
Includes sections on the JCE, JCA and implementing PKI systems with Java and a discussion of what goes on under the covers when you install the Bouncy Castle provider.
