Welcome

Welcome to the home of the Legion of the Bouncy Castle Java cryptography APIs.

The Legion of the Bouncy Castle

The Bouncy Castle Crypto APIs are looked after by an Australian Charity, the Legion of the Bouncy Castle Inc. which looks after the care and feeding of the Bouncy Castle APIs. If you would like to help support this effort please see our donations page or purchase a support contract through Crypto Workshop (now part of Keyfactor)). Requests to sponsor specific enhancements and other work on the APIs are also most welcome.

The Bouncy Castle Crypto APIs for Java consist of the following:

  • A lightweight cryptography API.

  • A provider for the Java Cryptography Extension (JCE) and the Java Cryptography Architecture (JCA).

  • A provider for the Java Secure Socket Extension (JSSE).

  • A clean room implementation of the JCE 1.2.1.

  • A library for reading and writing encoded ASN.1 objects.

  • Lightweight APIs for TLS (RFC 2246, RFC 4346) and DTLS (RFC 6347/ RFC 4347).

  • Generators for Version 1 and Version 3 X.509 certificates, Version 2 CRLs, and PKCS12 files.

  • Generators for Version 2 X.509 attribute certificates.

  • Generators/Processors for S/MIME and CMS (PKCS7/RFC 3852).

  • Generators/Processors for OCSP (RFC 2560).

  • Generators/Processors for TSP (RFC 3161 & RFC 5544).

  • Generators/Processors for CMP and CRMF (RFC 4210 & RFC 4211).

  • Generators/Processors for OpenPGP (RFC 4880).

  • Generators/Processors for Extended Access Control (EAC).

  • Generators/Processors for Data Validation and Certification Server (DVCS) - RFC 3029.

  • Generators/Processors for DNS-based Authentication of Named Entities (DANE).

  • Generators/Processors for RFC 7030 Enrollment over Secure Transport (EST).

  • Signed jar versions suitable for JDK 1.4-1.8 and the Sun JCE.

The lightweight API works with everything from the J2ME to the JDK 1.8 and we now provide certificate generation, PKCS/CMS/CRMF/CMP/EAC/DANE/DVCS/TSP/TLS/DTLS and OpenPGP support across the full range of JDKs.

Except where otherwise stated, software produced by this site is covered by the following license.

Looking for something not listed? Have a look at the projects listed on our resources page.

Keep in touch!

For those who are interested, there are two mailing lists for participation in this project. To subscribe use the links below. (To unsubscribe, replace subscribe with unsubscribe in the message body)

announce-crypto-request@bouncycastle.org with subscribe in the message body. This mailing list is for new release announcements only, general subscribers cannot post to it.

dev-crypto-request@bouncycastle.org with subscribe in the message body. This mailing list is for discussion of development of the package. This includes bugs, comments, requests for enhancements, questions about use or operation.

NOTE:You need to be subscribed to send mail to the above mailing list.

A searchable archive of the dev mailing list is accessible off the mailing lists page.

If you want to provide feedback, offers of jobs (or more importantly beer) directly to the members of The Legion then please use feedback-crypto@bouncycastle.org


 
 
 
 
Follow us on:     

News

Java Release 1.78.1 is now available for download.

Monday 29th April 2024

This releases deals with several CVEs and also introduces an API for Message Layer Security (MLS: RFC 9420). In addition the 256 bit secure NTRU parameters have been added and both NTRU and SNTRU Prime are now added with support for Java 21's new KEM API. In addition there have been more bug fixes and other features have been added as well.

For more details go to our latest releases page to download the new version and see the release notes

Java Release 1.77 is now available for download.

Tuesday 13th November 2023

Primarily this release updates the NIST PQC finalists to the drafts published as FIPS PUB 203, 204, and 205. Some issues in DTLS have also been fixed and some additional control properties have been added to the BCJSSE. Support has also been added for PKCS#10 requests with altSignature/altPublicKey extensions and for DeltaCertificate requests. A final note: the TLS/JSSE APIs now disable RSA encryption based cipher-suites by default.

For more details go to our latest releases page to download the new version and see the release notes

Java FIPS Release 1.0.2.4 is now available for download.

Thursday 28th September 2023

A performance/utility patch to our fourth Java FIPS release, certified for Java 1.7, Java 1.8, Java 11, and Java 17 is now available at our Java FIPS page.. In addition to being certified for 1.7/1.8/11/17 the jar is also compatible with Java 1.5 and Java 1.6.

Java Release 1.76 is now available for download.

Saturday 29th July 2023

1.76 is a mixed release. The main changes are around DTLS/TLS and include support for a "jdk.tls.client.useCompatibilityMode" property, DTLS server support for client_certificate_type, and a fix for a regression causing null pointer exceptions on negotiating TLSv1.1 or earlier sessions. In addition, a bug in the high level Cipher.unwrap() method for HQC has been fixed, SPHINCS+ simple parameters are now fully supported by the BCPQC provider, and Kyber plus the Round 4 KEMs are now supported by the CRMF/CMS/CMP APIs. Further work has been done on updating the PGP APIs in line with the upcoming revision to the standard.

For more details go to our latest releases page to download the new version and see the release notes

Java Release 1.75 is now available for download.

Wednesday 21st June 2023

1.75 is a minor release. Unfortunately some Java 8 usages managed to "sneak" into the Java 5 to Java 8 jars making them less than ideal for anything other than Java 8. The 1.75 release fixes that and also a TLS issue and removes some deprecated methods and dead classes from the core ASN.1 library.

For more details go to our latest releases page to download the new version and see the release notes

Java Release 1.74 is now available for download.

Monday 12th June 2023

This release is primarily a feature release but also addresses CVE-2023-33201. LMS/HSS, SPHINCS+, Dilithium, Falcon, and NTRU are now better integrated with the BC provider. Further improvements have been made to DTLS/TLS logging and additional support for PGP V6 EC/EdEC keys and PGP V5/V6 AEAD modes has been added. Performance and optimization work has been done on both reducing the provider size and reducing possible thread contention. A buffering bug in Ascon, as well as some other bugs, have been fixed as well.

For more details go to our latest releases page to download the new version and see the release notes

You can also find the latest versions on one of our mirrors:

Java LTS 2.73.0 is now available for download.

Wednesday 24th May 2023

Our first LTS release for Java. Designed for as a long term stable release based on BC Java 1.73, the release also features JNI support for Intel hardware. Download it now from the Java LTS Page.

Java Release 1.73 is now available for download.

Saturday 8th April 2023

This release is both targeting features and security. Review of the PQC work has been done and significant issues found have been addressed in the implementations. Several candidate algorithms from the NIST lightweight cryptography competition have been added including the finalist Ascon. Performance has been improved in existing PQC implementations, EdDSA, PEM parsing, and CRC24 and implementations of Blake2bp, Blake2sp, and HPKE (RFC 9180) have been added to the light-weight APIs.

For more details go to our latest releases page to download the new version and see the release notes

You can also find the latest versions on one of our mirrors:

New Tutorials Section on Resources Page

Saturday 12th February 2022

Following the release of our first Keyfactor workshop video on using Bouncy Castle Java/Kotlin for PKI, we now have a tutorials section on our resources page. If this material is useful, let us know and we will try to organise more.

Java FIPS Release 1.0.2.3 is now available for download.

Wednesday 9th February 2022

A performance/utility patch to our third Java FIPS release, certified for Java 1.7, Java 1.8, and Java 11, is now available at our Java FIPS page.. In addition to being certified for 1.7/1.8/11 the jar is also compatible with Java 1.5 and Java 1.6.

Java FIPS Release 1.0.2.1 is now available for download.

Wednesday 5th May 2021

A CVE patch to our third Java FIPS release, certified for Java 1.7, Java 1.8, and Java 11, is now available at our Java FIPS page.. In addition to being certified for 1.7/1.8/11 the jar is also compatible with Java 1.5 and Java 1.6.

Java FIPS Release 1.0.1 is now available for download.

Thursday 15th March 2018

Our second Java FIPS release, certified for Java 1.7 and Java 1.8 is now available at our Java FIPS page.. In addition to being certified for 1.7/1.8 the jar is also compatible with Java 1.5 and Java 1.6.