Re: Bouncy castle jars usage conflicts


David Hook-3

Hi Shiva,

Sorry, there is not a FIPS compliant version of the 1.50 jar. We do not expect to have one in the future either - the boundary issues that exist in 1.50, which we fixed by creating bc-fips-1.0.0, would likely make it impossible for a version of the 1.50 jar to survive the certification process.

Having said that, the two versions of BC, if they have stuck with the JCA/JCE interfaces, are not that far apart. If you can give me some idea of what issues are caused by dropping 1.50, I may be able to help you migrate the Apache code, or worst case, tell you that it really is impossible. It may also be worth getting in touch with them to see if there is any work going on to make their jar usable with the FIPS API. We have seen a couple of projects do that already, just not that one.

Apologies I can't be more help on this one. If you have any further questions, please let me know.



On 24/07/17 18:15, Eppa, Shivaprasad wrote:



This is Shiva, from CA Technologies.


I have come across a problematic situation using Bouncy Castle jars, for which I seek your support in resolving it.


In one of our web apps we have a dependency on the apacheds-core library, which internally requires bcprov-jdk15-150.jar, whereas for our core development code we started to use the FIPS compliant bc-fips-1.0.0.jar. I see that bcprov-jdk15-150.jar has a different API compared to bc-fips-1.0.0.jar, and so I could not replace bcprov-jdk15-150.jar with bc-fips-1.0.0.jar. In this case we end up having two differently versioned jars in the same webapp, which creates more serious issues. Do you have any FIPS compliant library which has an API consistent with bcprov-jdk15-150.jar? Or do you plan to release one in the near future? Or do you have any other solutions for this case?


We are blocked with this situation; your quick reply shall help us to take the decision.


Thank you

Shivaprasad Eppa
Senior Software Engineer (ESTG)

CA Technologies | Plot 115/1, 115/16-115/21 | Hyderabad, 500032
Office: +77145 | Mobile: +91 9966909564 | [hidden email]
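
A way to confirm the situation described in this thread, where both bcprov and bc-fips end up visible inside one webapp, is to ask the class loader where each jar's provider class comes from. This is an added example, not code from the thread or from the Bouncy Castle project; the class name `BcJarAudit` is hypothetical, and it uses reflection only, so it compiles with neither jar present.

```java
import java.security.CodeSource;
import java.security.Provider;
import java.security.Security;

public class BcJarAudit {
    // Provider classes shipped by each jar: bcprov registers as "BC", bc-fips as "BCFIPS".
    static final String[] PROVIDER_CLASSES = {
        "org.bouncycastle.jce.provider.BouncyCastleProvider",
        "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider"
    };

    // Returns the jar or directory a class is loaded from, or null if it is not visible.
    static String locate(String className, ClassLoader loader) {
        try {
            // initialize=false: look the class up without running its static initialisers.
            Class<?> c = Class.forName(className, false, loader);
            CodeSource src = c.getProtectionDomain().getCodeSource();
            return (src == null || src.getLocation() == null)
                    ? "(unknown source)" : src.getLocation().toString();
        } catch (ClassNotFoundException | LinkageError e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // In a servlet container the context class loader is the webapp's loader.
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            loader = BcJarAudit.class.getClassLoader();
        }
        int found = 0;
        for (String name : PROVIDER_CLASSES) {
            String where = locate(name, loader);
            System.out.println(name + " -> " + (where == null ? "not visible" : where));
            if (where != null) found++;
        }
        // Providers actually registered with the JCA in this JVM.
        for (Provider p : Security.getProviders()) {
            if (p.getName().startsWith("BC")) {
                System.out.println("registered: " + p.getName() + " (" + p.getClass().getName() + ")");
            }
        }
        if (found == 2) {
            System.out.println("WARNING: bcprov and bc-fips are both visible to this class loader");
        }
    }
}
```

Run inside the webapp (for example from a startup listener calling `main`), the output shows which jar each provider class resolves to and whether a non-FIPS `BC` provider is registered alongside `BCFIPS`.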