Bouncy Castle Crypto Provider Package version 1.60 now available

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Bouncy Castle Crypto Provider Package version 1.60 now available

Jon Eaves
Release 1.60 is now out.

This release deals with two CVEs: one affecting RSA key pair generation
where the certainty value is being tweaked in the light-weight API, and
the other on properly validating an XMSS/XMSS^MT private key on reload.
In terms of improvements, the BCJSSE now supports SNI, CMS now supports
SHA-3 signatures, the Unified Model is now fully supported for
Diffie-Hellman with ephemeral keys, and PGP EC operations can support a
wider range of curves. Issues have also been fixed in EST, CRMF request
generation, and low-level support has been added for EdDSA.

Further details on other additions and bug fixes can be found in the
release notes at:

Thanks also goes to other people and organisations who have
contributed/donated to the project and you can find the updated list at

We would also like to thank holders of Crypto Workshop support
contracts as we were again able to fund extra work on this release
through time available from those.

For the actual release and other details go to our latest releases page:

And for those who like living on the bleeding edge, the betas for future
releases can be downloaded from:

and changes to the code base can be tracked via:

In other news, the first nine chapters of the new book, "Java
Cryptography: Tools and Techniques", are now completed as well
as some material for chapter 12 (certification requests) and chapter 15
(post quantum crypto). The book is available at:

If you download it, please be sure to sign up for updates. We are
issuing an updated version about once a month.

On the FIPS front, the Java FIPS 1.0.2 release is now available
under early access. The road map for this release can be found at:

If you are interested helping support the Bouncy Castle project through
donation, you can find the details on how to donate via PayPal or
Bitcoin, at:

The Legion of the Bouncy Castle Inc is a registered Australian
charity based in the State of Victoria, Australia.

If you wish to sponsor specific work on Bouncy Castle, get early access
to the FIPS APIs under development, or get a commercial support contract
for the APIs please contact us at Crypto Workshop
( )

Remember, you can also follow this project on Facebook ( ), Google+ ( ) and/or Twitter ( ).

Finally, for users of the maven repositories, 1.60 should be appearing
shortly on maven central. The GitHub repository has been updated as well.