Bouncy Castle Crypto Provider Package version 1.53 now available
Release 1.53 is now out.
This release introduces the FIPS PUB 202 SHA3 digests and SHAKE
extendible output functions. The original Keccak is also included for
those wishing to use the original configuration of the function. Also
added is the SM4 block cipher, the SHA-3 contestant Blake2b, and EC Key
Agreement now supports a range of SEC and NIST variations. X9.31,
ISO9796-2, and PSS signatures now support SHA512-224 and SHA512-256. An
ASN.1 ObjectIdentifier cache based on an intern() method has been
introduced to reduce memory requirements for large ASN.1 objects such as
CRLs and provide better user control.
In terms of bug fixes, an issue which could cause cipher failure with
the BC provider and JCE/JSSE using NIO has been fixed, looping
certificate chains will no longer cause an OutOfMemoryException in
PKCS12 KeyStores, irregular post-amble in SMIME signatures no longer
causes verification issues, and the JceCRMFEncryptorBuilder now
recognises key size specific object identifiers properly. The provider
has also been updated to reflect changes in JDK 1.8 which broke
X509Certificate.hashCode() and X509Certificate.verify(PublicKey,
Provider). OpenPGP fixes include validation of hashed sub-packets with
long length encoding, and it is now possible to add a password to a PGP
key which did not have one originally.
Finally, ECIES has been modified to be properly compliant with Shoup's
definition of it and is now compatible with Crypto++ from version 6.0
onwards. We would also like to thank the team at Crypto++ for working
with us on this; interpretation combined with consensus is a great step
forward for interoperability!
Small Change Warning: The PEM Parser now returns an
X509TrustedCertificate block when parsing an openssl trusted
certificate. The new object was required to allow the proper return of
the trusted certificate's attribute block.
As always we are grateful to the people and organisations who have
contributed/donated to the project and you can find the updated list at
http://www.bouncycastle.org/contributors.html. We would also like to
thank holders of Crypto Workshop support contracts as an additional 100
hours of time was contributed back to this release through left over
consulting time provided as part of the support agreements.
This release also features some work that arose out of our on-going FIPS
certification project, most particularly from work supported by our
primary sponsor Tripwire, Inc ( http://www.tripwire.com ) and some
additional work sponsored by Galois Inc ( http://www.galois.com ).
Thanks must go to both sponsors as well.
Speaking of FIPS, the APIs are now stable and will soon be going into
testing with the target JVMs being JDK 1.7 and JDK 1.8. You can find the
most recent document on the FIPS project at
https://www.bouncycastle.org/fips/BCFipsDescription-20151003.pdf
Additional information on the FIPS project and early access to it is
available in answers to questions 9 and 10 at:
If you prefer to use direct bank transfer please feel free to discuss it
with us by contacting us at [hidden email] and we'll be happy
to help. The Legion of the Bouncy Castle is a registered Australian charity
based in the State of Victoria, Australia.
If you wish to sponsor specific work on Bouncy Castle or get a
commercial support contract for the APIs please contact us at Crypto
Workshop ( http://www.cryptoworkshop.com )