Latest Java Releases
BC-FJA 1.0.2.4 - Non Certified FIPS Release Candidate available for download
The BC-FJA 1.0.2.4 non-certified release candidate has come about because changes in the JVM have led to an interaction with BC-FJA 1.0.2.3 which makes it unsafe to use BC-FJA 1.0.2.3 with Java 13 or later (for a fuller description see the write-up for CVE-2022-45146).
Note: the interaction does not occur with BC-FJA 1.0.2.3 where it is used in accordance with its security policy on the JVMs that testing was done on.
The BC-FJA 1.0.2.4 non-certified release candidate is a drop-in replacement for BC-FJA 1.0.2.3 which fixes the issues observed with Java 13 and later and also provides support for dealing with the RSA PKCS 1.5 encryption transition and the TDES transition taking place at the end of 2023. It is possible to get the jar to behave identically to BC-FJA 1.0.2.3 in respect to the transition by making use of the following security properties:
Properties Applying to Triple-DES:
org.bouncycastle.tripledes.allow_drbg
org.bouncycastle.tripledes.allow_prf
org.bouncycastle.tripledes.allow_wrap
org.bouncycastle.tripledes.allow_enc
Properties Applying to RSA PKCS1.5 Encryption:
org.bouncycastle.rsa.allow_pkcs15_enc
Where the above properties are set to "true" the jar behaves exactly like 1.0.2.3. Where they are not set, the jar will behave as if the transition has taken place.
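A deployment check for the properties above, as an added example that is not Bouncy Castle code: it reports which of the five transition overrides are set to "true" in the running JVM and exits non-zero if any are. The class name `TransitionPropertyAudit` is hypothetical, and checking system properties and ignoring case in addition to the security properties the page names is an assumption made so the audit errs on the side of flagging.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

/** Added example: audits the BC-FJA 1.0.2.4 transition overrides visible to this JVM. */
public class TransitionPropertyAudit {
    // Property names exactly as listed on this page.
    static final String[] TRANSITION_PROPERTIES = {
        "org.bouncycastle.tripledes.allow_drbg",
        "org.bouncycastle.tripledes.allow_prf",
        "org.bouncycastle.tripledes.allow_wrap",
        "org.bouncycastle.tripledes.allow_enc",
        "org.bouncycastle.rsa.allow_pkcs15_enc"
    };

    /** Returns the properties set to "true", i.e. where 1.0.2.3 (pre-transition) behaviour is requested. */
    static List<String> enabledOverrides() {
        List<String> enabled = new ArrayList<>();
        for (String name : TRANSITION_PROPERTIES) {
            // The page describes these as security properties (java.security / Security.setProperty).
            String value = Security.getProperty(name);
            // Assumption: a -D system property could also take effect, so flag it as well.
            if (value == null) {
                value = System.getProperty(name);
            }
            // Assumption: compare case-insensitively so "TRUE" is not missed by the audit.
            if (value != null && "true".equalsIgnoreCase(value.trim())) {
                enabled.add(name);
            }
        }
        return enabled;
    }

    public static void main(String[] args) {
        List<String> enabled = enabledOverrides();
        for (String name : TRANSITION_PROPERTIES) {
            String mode = enabled.contains(name) ? "legacy (behaves as 1.0.2.3)" : "post-transition";
            System.out.printf("%-42s %s%n", name, mode);
        }
        // Non-zero exit lets a build or deployment gate fail while Triple-DES or
        // RSA PKCS 1.5 encryption is still explicitly allowed.
        System.exit(enabled.isEmpty() ? 0 : 1);
    }
}
```

Run it with the same `java.security` configuration and `-D` options as the application so that it sees the same property values.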
Note: the above jars are not certified, but are the closest thing to release candidates for the next update.
Release 1.75 is now available for download.
1.75 is a minor release. Unfortunately some Java 8 usages managed to "sneak" into the Java 5 to Java 8 jars, making them less than ideal for anything other than Java 8. The 1.75 release fixes that and also a TLS issue and removes some deprecated methods and dead classes from the core ASN.1 library.
Release 1.74 was largely a feature release, although it does include a patch for a CVE. The PQC algorithms LMS/HSS, SPHINCS+, Dilithium, Falcon, and NTRU are now supported directly by the BC provider. Logging in TLS/DTLS now covers connection events and includes connection-specific unique IDs as well as cipher suite details. Connection ID support has been added to DTLS as per RFC 9146. The PGP API now supports processing of PGP V6 EC/EdEC keys as well as PGP V5 and PGP V6 AEAD encryption modes. A possible information leakage has been fixed in the LDAP CertStore API (see CVE-2023-33201). Some work has been done on improving both the size and the efficiency of the provider: the SIKE algorithm and its property tables have been removed, and the tables for Picnic have been compressed. The provider now makes better use of the JCA Service classes, reducing thread contention. A buffering issue with Ascon has also been fixed, as well as an issue with the clone constructor for Parallel Hash.
Further details on other additions and bug fixes in 1.74 can be found in the release notes file accompanying the release.
Java Version Details
With the arrival of Java 15, jdk15 is not quite as unambiguous as it was. The jdk18on jars are compiled to work with anything from Java 1.8 up. They are also multi-release jars, so they do support some features that were introduced in Java 9, Java 11, and Java 15. If you have issues with multi-release jars see the jdk15to18 release jars below.
Packaging Change (users of 1.70 or earlier):
BC 1.71 changed the jdk15on jars to jdk18on so the base has now moved to Java 8. For earlier JVMs, or containers/applications that cannot cope with multi-release jars, you should now use the jdk15to18 jars.
Packaging Change (users of 1.68 or earlier):
BC 1.69 introduced a new jar, bcutil-*.jar, which is a collection of classes which do not need to be in the JCE provider jar, but are used by the other APIs. You will find you will need to add the bcutil jar to the class path if you are using the other BC APIs.
Change Warning (users of 1.68 or earlier):
The BKS-V1 KeyStore format is now disabled by default. See the release notes for 1.69 for details on how to turn it on if required.
Change Warning (users of 1.52 or earlier):
The PEM Parser now returns an X509TrustedCertificate block when parsing an openssl trusted certificate; the new object was required to allow the proper return of the trusted certificate's attribute block. Please also see the porting guide for advice on porting to this release from much earlier ones (release 1.45 or earlier).
Further Note (users of Oracle JVM 1.7 or earlier, users of "pre-Java 9" toolkits):
As of 1.63 we have started including signed jars for "jdk15to18". If you run into issues with either signature validation in the JCE or the presence of the multi-release versions directory in the regular "jdk18on" jar files, try the "jdk15to18" jars instead.
Please also note the JCE certificate in the public access versions of Oracle Java 6 (6u45) and Oracle Java 7 (7u80) expired on the 20th April 2021.
We still counter sign the jdk15to18 jars with this certificate for compatibility reasons, but Oracle does distribute JVMs for Java 6 and Java 7 with a newer, and stronger, certificate to holders of Java Support Contracts.
Others have contributed to this release, both with code and/or financially and you can find them listed in the contributors file. We would like to thank holders of Keyfactor support contracts for additional time that was contributed back to this release through left over consulting time provided as part of their support agreements. Thank you, one and all!
If you're interested in grabbing the lot in one hit (includes JCE, JCE provider, light weight API, J2ME, range of JDK compatibility classes, signed jars, fries, and king prawns...) download crypto-175.tar.gz or crypto-175.zip, otherwise if you are only interested in one version in particular, see below.
Early access to our FIPS hardened version of the Java APIs is now available for BC-FJA 1.0.2.4, BC-FJA 2.0.0, and BC-FJA 2.1.0 as well; contact us at [email protected] for further information.
Get the most out of your Bouncy Castle experience!
Get a support contract through Keyfactor. We have found two things that distinguish our support contract holders from our regular user base. Developers with access to a support contract are more likely to raise an issue with us early rather than try and muddle through, and developers with access to a support contract also take a more active interest in the beta releases, both FIPS and non-FIPS. The second one is useful as it means any issues or shortfalls in the beta are able to be fixed while the updates are still in beta. The first one is a real cost saver as it does not lead to us receiving emails starting with "Our development team has spent (some number of) weeks trying to work out..." It is much cheaper to have a support contract!
Signed JAR files
From release 1.40 some implementations of encryption algorithms were removed from the regular jar files at the request of a number of users. Jars with names of the form *-ext-* still include these.
JDK 1.8 and later
Provider: bcprov-jdk18on-175.jar, bcprov-ext-jdk18on-175.jar
ASN.1 Utility Classes: bcutil-jdk18on-175.jar
PKIX/CMS/EAC/PKCS/OCSP/TSP/OPENSSL: bcpkix-jdk18on-175.jar
SMIME: bcmail-jdk18on-175.jar
Jakarta SMIME: bcjmail-jdk18on-175.jar
OpenPGP/BCPG: bcpg-jdk18on-175.jar
DTLS/TLS API/JSSE Provider: bctls-jdk18on-175.jar
Test Classes: bctest-jdk18on-175.jar

JDK 1.5 - JDK 1.8
Provider: bcprov-jdk15to18-175.jar, bcprov-ext-jdk15to18-175.jar
ASN.1 Utility Classes: bcutil-jdk15to18-175.jar
PKIX/CMS/EAC/PKCS/OCSP/TSP/OPENSSL: bcpkix-jdk15to18-175.jar
SMIME: bcmail-jdk15to18-175.jar
Jakarta SMIME: bcjmail-jdk15to18-175.jar
OpenPGP/BCPG: bcpg-jdk15to18-175.jar
DTLS/TLS API/JSSE Provider: bctls-jdk15to18-175.jar
Test Classes: bctest-jdk15to18-175.jar

JDK 1.4
Provider: bcprov-jdk14-175.jar, bcprov-ext-jdk14-175.jar
ASN.1 Utility Classes: bcutil-jdk14-175.jar
PKIX/CMS/EAC/PKCS/OCSP/TSP/OPENSSL: bcpkix-jdk14-175.jar
SMIME: bcmail-jdk14-175.jar
OpenPGP/BCPG: bcpg-jdk14-175.jar
DTLS/TLS API/JSSE Provider: bctls-jdk14-175.jar (low-level only)
Test Classes: bctest-jdk14-175.jar

JDK 1.3
Provider: bcprov-jdk13-175.jar, bcprov-ext-jdk13-175.jar
Clean room JCE and provider: jce-jdk13-175.jar, jce-ext-jdk13-175.jar
ASN.1 Utility Classes: bcutil-jdk13-175.jar
PKIX/CMS/EAC/PKCS/OCSP/TSP/OPENSSL: bcpkix-jdk13-175.jar
SMIME: bcmail-jdk13-175.jar
OpenPGP/BCPG: bcpg-jdk13-175.jar
Test Classes: bctest-jdk13-175.jar

JDK 1.2
Provider: bcprov-jdk12-175.jar, bcprov-ext-jdk12-175.jar
Clean room JCE and provider: jce-jdk12-175.jar, jce-ext-jdk12-175.jar
PKIX/CMS/EAC/PKCS/OCSP/TSP/OPENSSL: bcpkix-jdk12-175.jar
OpenPGP/BCPG: bcpg-jdk12-175.jar
Test Classes: bctest-jdk12-175.jar
The following signed provider jars are provided so that you can make use of the debug information in them. In the case of the non-provider jars (bcpkix, bcpg, and bcmail), the jar files do not need to be signed to work. You can rebuild them with debug turned on, or operate directly from the source, if you need.
NOTE:
- The tar archives were created using GNU tar (some versions of Solaris tar will have problems extracting them)
- The J2ME source distribution includes zips for the class files
You can find the release notes, documentation, and specifications here.
You can find checksums for confirming the integrity of the distributions here.
Mirrors
Too slow? You can also find the latest versions on one of our mirrors: polydistortion.net
Beta Access
The current working betas, when available, for the next release for JDK 1.8 and later can be found at https://www.bouncycastle.org/betas. If you need a beta to be made available for another version of Java please ask by emailing [email protected].
Maven Access
The BC jars are now mirrored on the Maven central repository. You can find them at https://repo1.maven.org/maven2/org/bouncycastle.
GIT Access
Just want to look at the source? The source code repository is now mirrored on GitHub and accessible from here. The repository can be cloned using either https:
git clone https://github.com/bcgit/bc-java.git
or git protocol
git clone git://github.com/bcgit/bc-java.git
FTP Access
Previous releases, as well as the latest ones, can be downloaded from our ftp server ftp.bouncycastle.org. Please note the FTP server does not support passive mode.
Site hosted by Tau Ceti Co-operative Ltd.
Graphics provided by Geoff Hook.
Layout and design by Travis Winters.