Welcome to the home page for the Bouncy Castle C# API!

The Legion of the Bouncy Castle C# Port

Keeping the Bouncy Castle Project Going

With various algorithm changes, updates, security issues in protocols, and having to write vendor statements for organisations like CERT, keeping the Bouncy Castle project going is turning into a full time job and several of us have now given up permanent work in order to free up time to work on it. If you are making use of our software, and are interested in making sure we are always here when you need us, there are two principal ways you can help.

The first is by getting a support contract or by sponsoring specific work on the project. Not only will you get a hot-line to Bouncy Castle developers, consulting time, and release alerts if you need them, but, if you wish, we will also acknowledge your support publicly. You can find out further information on support contracts and consulting at Crypto Workshop.

Secondly, the Bouncy Castle APIs are now formally owned by a registered Australian Charity, the Legion of the Bouncy Castle Inc, ABN 84 166 338 567. Without considering the costs of actually doing what we do, we're also trying to raise money to allow us to get certifications such as FIPs for the APIs. We can accept donations via PayPal, Bitcoin, or direct transfer. If this sounds more like you, and you want to see this project continue to prosper, please visit our donations page to help. Thanks!

Current feature list:

  • Generation and parsing of PKCS-12 files.
  • X.509: Generators and parsers for V1 and V3 certificates, V2 CRLs and attribute certificates.
  • PBE algorithms supported by PbeUtilities: PBEwithMD2andDES-CBC, PBEwithMD2andRC2-CBC, PBEwithMD5andDES-CBC, PBEwithMD5andRC2-CBC, PBEwithSHA1andDES-CBC, PBEwithSHA1andRC2-CBC, PBEwithSHA-1and128bitRC4, PBEwithSHA-1and40bitRC4, PBEwithSHA-1and3-keyDESEDE-CBC, PBEwithSHA-1and2-keyDESEDE-CBC, PBEwithSHA-1and128bitRC2-CBC, PBEwithSHA-1and40bitRC2-CBC, PBEwithHmacSHA-1, PBEwithHmacSHA-224, PBEwithHmacSHA-256, PBEwithHmacRIPEMD128, PBEwithHmacRIPEMD160, and PBEwithHmacRIPEMD256.
  • Signature algorithms supported by SignerUtilities: MD2withRSA, MD4withRSA, MD5withRSA, RIPEMD128withRSA, RIPEMD160withECDSA, RIPEMD160withRSA, RIPEMD256withRSA, SHA-1withRSA, SHA-224withRSA, SHA-256withRSAandMGF1, SHA-384withRSAandMGF1, SHA-512withRSAandMGF1, SHA-1withDSA, and SHA-1withECDSA.
  • Symmetric key algorithms: AES, Blowfish, Camellia, CAST5, CAST6, ChaCha, DES, DESede, GOST28147, HC-128, HC-256, IDEA, ISAAC, Noekeon, RC2, RC4, RC5-32, RC5-64, RC6, Rijndael, Salsa20, SEED, Serpent, Skipjack, TEA/XTEA, Threefish, Tnepres, Twofish, VMPC and XSalsa20.
  • Symmetric key modes: CBC, CFB, CTS, GOFB, OFB, OpenPGPCFB, and SIC (or CTR).
  • Symmetric key paddings: ISO10126d2, ISO7816d4, PKCS-5/7, TBC, X.923, and Zero Byte.
  • Asymmetric key algorithms: ElGamal, DSA, ECDSA, NaccacheStern and RSA (with blinding).
  • Asymmetric key paddings/encodings: ISO9796d1, OAEP, and PKCS-1.
  • AEAD block cipher modes: CCM, EAX, GCM and OCB.
  • Digests: GOST3411, Keccak, MD2, MD4, MD5, RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3, Tiger, and Whirlpool.
  • XOFs: SHAKE.
  • Signer mechanisms: DSA, ECDSA, ECGOST3410, ECNR, GOST3410, ISO9796d2, PSS, RSA, X9.31-1998.
  • Key Agreement: Diffie-Hellman, EC-DH, EC-MQV, J-PAKE, SRP-6a.
  • Macs: CBCBlockCipher, CFBBlockCipher, CMAC, GMAC, GOST28147, HMac, ISO9797 Alg. 3, Poly1305, SipHash, SkeinMac, VMPCMAC.
  • PBE generators: PKCS-12, and PKCS-5 - schemes 1 and 2.
  • OpenPGP (RFC 4880)
  • Cryptographic Message Syntax (CMS, RFC 3852), including streaming API.
  • Online Certificate Status Protocol (OCSP, RFC 2560).
  • Time Stamp Protocol (TSP, RFC 3161).
  • TLS/DTLS client/server up to version 1.2, with support for the most common ciphersuites and extensions, and many less common ones. Non-blocking API available.
  • Elliptic Curve Cryptography: support for generic F2m and Fp curves, high-performance custom implementations for many standardized curves.
  • Reading/writing of PEM files, including RSA and DSA keys, with a variety of encryptions.
  • PKIX certificate path validation


Software produced by this site is covered by the following license and was made possible with the help of the following contributors. If you are interested in sponsoring work on Bouncy Castle or getting commercial support for this or prior releases please contact us at Crypto Workshop.

Release 1.8.2, 9th April 2018

bccrypto-csharp-1.8.2-bin.zip Compiled assembly only.


bccrypto-csharp-1.8.2-src.zip Source code, examples, tests, documentation.


Release Notes for 1.8.2

Security Advisory
  • Carry propagation bugs in the implementation of squaring for several raw math classes have been fixed (Org.BouncyCastle.Math.Raw.Nat???). These classes are used by our custom elliptic curve implementations (Org.BouncyCastle.Math.Ec.Custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. We consider these bugs to be exploitable for static ECDH with long-term keys, per "Practical realisation and elimination of an ECC-related software bug attack", Brumley et.al.
  • This release brings our Poly1305 implementation into line wih RFC 7539, which breaks backward compatibility. The essential difference from 1.8.1 is that the two halves of the 32-byte Poly1305 key have swapped places. If you have persisted Poly1305 keys, or are interoperating with other Poly1305 implementations, you may need to account for this change when migrating to 1.8.2.
Defects Fixed
  • DTLS now supports records containing multiple handshake messages.
Additional Features and Functionality
  • TLS: support for ClientHello Padding Extension (RFC 7685).
  • TLS: support for ECDH_anon key exchange.
  • BCrypt implementation added.
  • BLAKE2b and BLAKE2s implementations added.
  • GOST R 34.11-2012 implementation added.
  • DSTU-7564 message digest implementation added.
  • SM2 signatures, key exchange, and public key encryption implementations added.
Additional Notes
  • See the (cumulative) list of GitHub pull requests that we have accepted at bcgit/bc-csharp.

Release 1.8.1, 28th December 2015

bccrypto-csharp-1.8.1-bin.zip Compiled assembly only.


bccrypto-csharp-1.8.1-src.zip Source code, examples, tests, documentation.


Release Notes for 1.8.1

  • (D)TLS 1.2: Motivated by CVE-2015-7575, we have added validation that the signature algorithm received in DigitallySigned structures is actually one of those offered (in signature_algorithms extension or CertificateRequest). With our default TLS configuration, we do not believe there is an exploitable vulnerability in any earlier releases. Users that are customizing the signature_algorithms extension, or running a server supporting client authentication, are advised to double-check that they are not offering any signature algorithms involving MD5.
  • The Serpent cipher as of 1.8.0 is incompatible with the behaviour of Serpent in earlier releases; it has been modified to conform to the standard byte-order interpretation for blocks (and keys) as described in the NESSIE test-vectors. In keeping with common practice the previous behaviour is available from 1.8.0 as the "Tnepres" cipher. See BMA-52 for more information if this may affect you.
Additional Features and Functionality
  • Added support for ASN.1 GraphicString and VideotexString types.
  • Problems with DTLS record-layer version handling were resolved via BJA-584, making version negotiation work properly.
Additional Notes
Porting notes from the old ASN.1 library (pre 1.7)
For the most part code using the old subset of ASN.1 classes should be easy to transfer, providing the following changes are made:
  • DERObject becomes ASN1Object
  • DEREncodable becomes ASN1Encodable
  • getDERObject() becomes toASN1Object()
  • BERConstructedOctetString becomes BEROctetString
  • If you were using the older mutable DERConstructedSequence/Set and BERConstructedSequence, use an ASN1EncodableVector in conjunction with DERSequence/Set and BERSequence
  • BERInputStream and DERInputStream are replaced with ASN1InputStream
  • AsymmetricKeyParameter is now in the org.bouncycastle.crypto namespace

GIT Access
Just want to look at the source? The source code repository is now mirrored on GitHub and accessible from here. The repository can be cloned using either

git clone https://github.com/bcgit/bc-csharp.git
or git protocol
git clone git://github.com/bcgit/bc-csharp.git

CVS Access Note: this is now deprecated

Instructions for anonymous CVS access:

And then
    cvs co bc-csharp 
Using your favorite CVS client.

Keep in touch!

For those who are interested, there are two mailing lists for participation in this project. To subscribe use the links below. (To unsubscribe, replace subscribe with unsubscribe in the message body)

announce-crypto-csharp-request@bouncycastle.org with subscribe in the message body. This mailing list is for new release announcements only, general subscribers cannot post to it.

dev-crypto-csharp-request@bouncycastle.org with subscribe in the message body. This mailing list is for discussion of development of the package. This includes bugs, comments, requests for enhancements, questions about use or operation.

NOTE:You need to be subscribed to send mail to the above mailing list.

A searchable archive of the dev mailing list is accessible off the mailing lists page.

If you want to provide feedback, offers of jobs (or more importantly beer) directly to the members of The Legion then please use feedback-crypto@bouncycastle.org

Prior Releases

Release 1.8, 22nd November 2015

bccrypto-csharp-1.8.0-bin.zip Compiled assembly only.


bccrypto-csharp-1.8.0-src.zip Source code, examples, tests, documentation.


Release Notes for 1.8.0

  • The Serpent cipher as of 1.8.0 is incompatible with the behaviour of Serpent in earlier releases; it has been modified to conform to the standard byte-order interpretation for blocks (and keys) as described in the NESSIE test-vectors. In keeping with common practice the previous behaviour is available from 1.8.0 as the "Tnepres" cipher. See BMA-52 for more information if this may affect you.
Additional Features and Functionality
  • IV only re-initialisation is supported by using null as the key parameter when creating a ParametersWithIV object.
  • CMS Enveloped and AuthenticatedData now support OriginatorInfo.
  • Support for ECDSA_fixed_ECDH authentication has been added to the TLS client.
  • Support for the Features signature sub-packet has been added to the PGP API.
  • Classes involved in CRL manipulation have been rewritten to reduce memory requirements for handling and parsing extremely large CRLs.
  • An implementation of Password Authenticated Key Exchange by Juggling (J-PAKE) has been added.
  • Support has been added for SHA-512/224, SHA-512/256, as well as a general SHA-512/t in the lightweight API.
  • The TSP API now supports generation of certIDs based on digests other than SHA-1.
  • OCSP responses can now be included in CMS SignedData objects.
  • The SipHash MAC algorithm has been added.
  • DRBGs from NIST SP 800-90A (DualEC excluded) have been added to the Crypto.Prng namespace together with SecureRandom builders.
  • Support has been added for OCB mode.
  • DSA version 2 parameter and key generation is now supported.
  • A new interface IMemoable has been added for objects that can copy in and out their state. The digest classes now support this. A special class NonMemoableDigest has been added which hides the IMemoable interface where it should not be available.
  • TDEA is now recognised as an alias for DESede.
  • Support has been added for NIST SP 800-38D - GMAC to AES and other 128 bit block size algorithms.
  • The TLS API now supports TLS/DTLS 1.2 for both client and server
  • Full support is now provided for client-side auth in the D/TLS server code.
  • TLS: server-side support for DHE key exchange.
  • TLS: server-side support for PSK and SRP ciphersuites.
  • TLS: (EC)DSA now supports signatures with non-SHA1 digests.
  • TLS: support for ECDHE_ECDSA/AES/CCM ciphersuites from RFC 7251.
  • The TLS/DTLS code now includes a non-blocking API.
  • RFC 6637 ECDSA and ECDH support has been added to the OpenPGP API.
  • Implementations of Threefish and Skein have been added.
  • Implementation of the SM3 digest has been added.
  • Implementations of XSalsa20 and ChaCha have been added. Support for reduced round Salas20 has been added.
  • Support has been added for RFC 6979 Deterministic DSA/ECDSA.
  • Support for the Poly1305 MAC has been added.
  • GCM and GMAC now support tag lengths down to 32 bits.
  • Custom implementations for many of the NIST and SEC elliptic curves have been added, resulting in drastically improved performance. They can be accessed via the Crypto.EC.CustomNamedCurves class and are generally selected by other internal APIs in place of the generic implementations.
  • Automatic EC point validation added, both for decoded inputs and multiplier outputs.
  • Support has been added for X9.31-1998 DRBG.
  • Support has been added for the SHA3 family of digests, including SHAKE128 and SHAKE256. An implementation of the draft standard has been added as 'Keccak'.
  • The ASN.1 parser for ECGOST private keys will now parse keys encoded with a private value represented as an ASN.1 INTEGER.
  • SubjectPublicKeyInfoFactory now supports DSA parameters.
  • Improved performance of BigInteger.ModPow and random prime generation.
  • SecureRandom instances now seeded by RNGCryptoServiceProvider (where available).
  • An initial port of the Java "operators" mechanism has been introduced to support overriding of cryptographic primitives in high-level APIs e.g. for signing using an external provider.
Additional Notes

Release 1.7, 7th April 2011

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, TLS, X.509, PKCS#12, TSP, and Certificate Path validation.

bccrypto-net-1.7-bin.zip Compiled assembly only.

Checksums: md5 5d00db78caa759486c8ea4bbc23d7fc9

bccrypto-net-1.7-src.zip Source code, examples, tests, documentation.

Checksums: md5 a4b116ac9fc50e9d495968514e15f5eb

bccrypto-net-1.7-bin-ext.zip Compiled assembly only - includes the IDEA encryption algorithm.

Checksums: md5 e20b0d66296928f14f0b1cb2d86d980c

bccrypto-net-1.7-src-ext.zip Source code, examples, tests, documentation - includes the IDEA encryption algorithm.

Checksums: md5 3eb583a9b728d6f834edbf72800d2e47

Release Notes for 1.7

Additional Features and Functionality
  • TLS now supports client authentication.
  • TLS now supports compression.
  • TLS now supports ECC cipher suites (RFC 4492).
  • Library can now be built for Silverlight (2.0 and above).
  • ASN.1 classes for CRMF (RFC 4211) and CMP (RFC 4210) have been added.
  • Further performance improvements to GCM mode.
  • BufferedBlockCipher will now always reset after a DoFinal().
  • An IV can now be passed to an Iso9797Alg3Mac
Additional Notes

Release 1.6.1, 8th February 2009

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, TLS, X.509, PKCS#12, TSP, and Certificate Path validation.

bccrypto-net-1.6.1-bin.zip Compiled assembly only.
md5  6c61e739b048c76dbed38562742141f7
sha1 5a87f6bf74224073148052abf0dc5142e719a3de

bccrypto-net-1.6.1-src.zip Source code, examples, tests, documentation.
md5  ecd332c1747d84296a09e8e379732b40
sha1 517d730a35700b129bed53cdc68879b11b727fa5

bccrypto-net-1.6.1-bin-ext.zip Compiled assembly only - includes the IDEA encryption algorithm.
md5  2c1c3b443bb90df8ce509ca53d615b3a
sha1 fa3e2869bb0f5bccb1a5fc99fee1abd87da6519c

bccrypto-net-1.6.1-src-ext.zip Source code, examples, tests, documentation - includes the IDEA encryption algorithm.
md5  0b94ba85b458e0517bfa322108e5251f
sha1 fe2868feff8e5d12310040db9756fbee6a18f4c8

Release Notes for 1.6.1

Defects Fixed
  • X509DefaultEntryConverter was not recognising telephone number as a PrintableString field. This has been fixed.
  • OpenPGP now supports UTF-8 in file names for literal data.
  • Problems with the released assembly of the 1.6 version have been rectified.
Security Advisory
  • This version has been specifically reviewed to eliminate possible timing attacks on algorithms such as GCM and CCM mode.
Additional Features and Functionality
  • Support for PSS signatures has been added to CMS.
  • SubjectKeyIdentifier now supports both methods specified in RFC 3280, section for generating the identifier.
  • Performance of GCM mode has been greatly improved (on average 10x).
  • Support for mac lengths of 96, 104, 112, and 120 bits has been added to existing support for 128 bits in GCMBlockCipher.
  • Support for raw signatures has been extended to RSA, RSA-PSS and ECDSA. RSA support can be used in CmsSignedDataStreamGenerator to support signatures without signed attributes.
  • Support for EC MQV has been added to the light weight API and the CMS library.
Additional Notes

Release 1.5, 18th August 2009

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, TLS, X.509, PKCS#12, TSP, and Certificate Path validation.
bccrypto-net-1.5-bin.zip Compiled assembly only.
      checksums: md5 d886ecff8ffbb82b8b22dd474e617bf3
sha1 0b96049df50d5e99292a4b9f599d61fc2f852482
bccrypto-net-1.5-bin-ext.zip Compiled assembly only - includes the IDEA encryption algorithm.
      checksums: md5 aa2e0852fd17e8011649cadc14f7ff03
sha1 e70a86dc25d5ff8acdd3cd0c8e868bcdf8d7ac8c
bccrypto-net-1.5-src.zip Source code, examples, tests, documentation.
      checksums: md5 ab43eeeec7dd967db3edb95988838677
sha1 2ed08c563b57a7d8ca877a2d3b6f63375d77a724

Release Notes

Defects Fixed
  • Correct the ASN.1 class for AuthorityInformationAccess.
  • In the Bcpg libs, armored output now inserts the correct version string.
  • EssCertIDv2 encoding now complies with RFC 5035.
  • ECDSA now computes correct signatures for oversized hashes when the order of the base point is not a multiple of 8 in compliance with X9.62-2005.
  • Standard name "DiffieHellman" is now supported in factory classes.
  • Better support for equality tests for '#' encoded entries has been added to X509Name.
  • '=' inside a X509Name was not being properly escaped. This has been fixed.
  • ApplicationSpecific ASN.1 tags are now recognised in BER data. The GetObject() method now handles processing of arbitrary tags.
  • Multiplication by negative powers of two is fixed in BigInteger.
  • Multiple countersignature attributes are now correctly collected.
  • Two bugs in HC-128 and HC-256 related to sign extension and byte swapping have been fixed. The implementations now pass the latest ecrypt vector tests.
Security Advisory
  • The effect of the sign extension bug was to decrease the key space the HC-128 and HC-256 ciphers were operating in and the byte swapping inverted every 32 bits of the generated stream. If you are using either HC-128 or HC-256 you must upgrade to this release.
Additional Features and Functionality
  • PKIX certificate path validation.
  • Accept duplicate PKCS#9 FriendlyName attributes in PKCS#12 keystore.
  • Add support for PKCS#5 Scheme 2 keys.
  • Camellia performance improved.
  • A smaller version of Camellia, CamelliaLightEngine has also been added.
  • CmsSignedData generation now supports SubjectKeyIdentifier as well as use of issuer/serial.
  • A CMS PBE key holder for UTF8 keys has been added to the CMS API.
  • Salt and iteration count can now be recovered from PasswordRecipientInformation.
  • Support for reading and extracting personalised certificates in PGP Secret Key rings has been added.
  • Support for EAC algorithms has been added to CMS.
  • Asn1Dump now supports a verbose mode for displaying the contents of octet and bit strings.
  • Support for the SRP-6a protocol has been added.
Additional Notes

Release 1.4, 8th August 2008

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, TLS, X.509, and PKCS#12.
bccrypto-net-1.4-bin.zip Compiled assembly only - does not include the IDEA encryption algorithm.
      checksums: md5 519d136e335502f8b89205e8a1cba6a8
sha1 684ca0399e6d2cd7740975bf99f19ab1ebdf3ea2
bccrypto-net-1.4-bin-ext.zip Compiled assembly only - includes the IDEA encryption algorithm.
      checksums: md5 622a78d06e50143e108b140f241a116e
sha1 bafc307d24cbd38df9ab4f1ebe190aa914eee916
bccrypto-net-1.4-src.zip Source code, examples, tests, documentation.
      checksums: md5 d400421918c0c20f2f53fa003e25eb11
sha1 9e4f4c170d93e5f6ded100592dd8353a48b20e5f

Release Notes

Defects Fixed
  • The GeneralName string constructor now supports IPv4 and IPv6 address parsing.
  • EAX mode was not handling non-zero offsetted data correctly and failing. This has been fixed.
  • EAX mode ciphers were not resetting correctly after a DoFinal/Reset. This has been fixed.
  • Some boolean parameters to IssuingDistributionPoint were being reversed. This has been fixed.
  • A zero length RDN would cause an exception in an X509Name. This has been fixed.
  • Specifying a greater than 32bit length for a stream and relying on the default BcpgOutputStream resulted in corrupted data. This has been fixed.
  • Pkcs7Padding validation would not fail if pad length was 0. This has been fixed.
  • Signature creation time was not being properly initialised in new V4 PGP signature objects although the encoding was correct. This has been fixed.
  • The '+' character can now be escaped or quoted in the constructor for X509Name.
  • IV handling in CMS for SEED and Camellia was incorrect. This has been fixed.
  • ASN.1 stream parser now throws exceptions for unterminated sequences.
  • X509CertificateParser/X509CrlParser now handle multiple certificates/CRLs in streams that don't support seeking.
  • The CertID class used by the TSP library was incomplete. This has been fixed
  • \# is now properly recognised in the X509Name class.
  • BigInteger.ModInverse was failing for negative values. This has been fixed.
  • CMS API now supports RSASSA-PSS signatures with explicit salt length.
Additional Features and Functionality
  • ASN.1 libs now support high tag numbers.
  • Galois/Counter Mode (GCM) has been added.
  • The TSP API now supports parsing and validation of responses with V2 signing certificate entries.
  • Unnecessary local ID attributes on certificates in PKCS12 files are now automatically removed.
  • New Pkcs12StoreBuilder class supports generation of PKCS12 files with both certificates and keys protected by 3DES.
  • Certifications associated with user attributes can now be created, verified and removed in OpenPGP.
  • API support now exists for CMS countersignature reading and production.
  • A new class LazyAsn1InputStream supports lazy evaluation of DER sequences and sets, considerably reducing memory requirements in some scenarios.
  • KeyPurposeId class has been updated for RFC 4945.
  • Initial support has been added for HP_CERTIFICATE_REQUEST in the TLS API.
  • PGP example programs now handle blank names in literal data objects.
  • The ProofOfPossession class now better supports the underlying ASN.1 structure.
Additional Notes
  • Due to problems for some users caused by the presence of the IDEA algorithm, an implementation is no longer included in the default assembly. Only the assembly named BouncyCastle.CryptoExt now includes IDEA.
  • See also the list of resolved issues at Bouncy Castle JIRA C# 1.4

Release 1.3, 8th December 2007

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, TLS, X.509, and PKCS#12.
bccrypto-net-1.3-bin.zip Compiled assembly only.
      checksums: md5 41582f69026015d3ec025c1121831576
sha1 73d8a06c56f1c139bc6858142c75a56a2ee9dc9b
bccrypto-net-1.3-src.zip Source code, examples, tests, documentation.
      checksums: md5 78f12ded99fadd73bb7cba19ad1c04c8
sha1 5951c63bd04ddfcbb8c40646bbfd14063f50c0d3
Changes in this release:
  • ASN.1 stream parsing now handles definite length encodings efficiently.
  • Buffering in the streaming CMS has been reworked. Throughput is now usually higher and the behaviour is more predictable.
  • BcpgInputStream now handles data blocks in the 2**31->2**32-1 range.
  • Some confusion over the parameters J and L in connection with Diffie-Hellman has been resolved.
  • Added CryptoApiRandomGenerator, a wrapper for RNGCryptoServiceProvider.
  • Added VMPC stream cipher, VMPCMAC and a VMPC-based implementation of IRandomGenerator.
  • Added support in OpenPGP for fetching keyrings by case-insensitive user ID [#BMA-8].
  • Fixed a vulnerability of CMS signatures that do not use signed attributes (Bleichenbacher RSA forgery).
  • Fixed a bug causing second and later encrypted objects to be ignored in KeyBasedFileProcessor example.
  • Fixed case-sensitivity issue with deletion from a PKCS#12 file.
  • Fixed problem overwriting entities in a PKCS#12 file.
  • Fixed PgpUtilities.MakeKeyFromPassPhrase for 8-bit characters [#BMA-13].
  • Fixed duplicate certificate problem in Pkcs12Store.Save [#BMA-12].
  • Fixed NAnt build under Mono [#BMA-10].
  • Fixed BigInteger.ModPow for negative exponents [#BMA-7].

Release 1.2, 5th July 2007

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, TLS, X.509, and PKCS#12.
bccrypto-net-1.2-bin.zip Compiled assembly only.
      checksums: md5 7141ba8bc67317b71510ee0ab1251abf
sha1 5345e528436318cc1e2f523d5e5e1cac6f597ad5
bccrypto-net-1.2-src.zip Source code, examples, tests, documentation.
      checksums: md5 bc2bb75a4227f30ba0ff64d40424571c
sha1 09d0931d8c54075d19c130eb6082444deac9394b
Changes in this release:
  • Source now builds on .NET Compact Framework 1.0 (compilation flag NETCF_1_0).
  • Release assembly now signed with a strong name.
  • Added CCM and EAX block cipher modes.
  • Added Noekeon block cipher.
  • Added HC-128, HC-256, and ISAAC stream ciphers.
  • Added RIPEMD160withECDSA signature algorithm.
  • Added support for notation data signature subpackets to OpenPGP.
  • Added support for parsing of experimental signatures to OpenPGP.
  • Added the complete set of SEC-2 EC curves.
  • Added support for implicit tagging to DerApplicationSpecific.
  • Added remaining ASN.1 structures from RFC 3126 to Asn1.Esf namespace.
  • Performance of ECDSA improved.
  • Performance of ASN.1 stream parsing improved.
  • Fixed default private key length for Diffie-Hellman parameters.
  • Fixed DerT61String to correctly support 8-bit characters.
  • Fixed duplicate attribute problem in Pkcs12Store.Save.
  • Fixed a problem writing public keys in OpenPGP [#BMA-5].

Release 1.1, 4th May 2007

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, X.509, and PKCS#12.
bccrypto-net-1.1-bin.zip Compiled assembly only.
      checksums: md5 083ed774b70c2d5f39aab47966855b45 sha1 5c0ffa6a661bf28e3eb577a3ea0a2ab69dcbd354
bccrypto-net-1.1-src.zip Source code, examples, tests, documentation.
      checksums: md5 0795d7939b2fd982fc3db3209346135d sha1 3a252c379879ee5fbd389e7134a8aef20b9e74ea
Changes in this release:
  • Added support for writing DSA private keys, and more encodings, in OpenSsl (PemReader/PemWriter).
  • Removed SharpZipLib dependency.
  • Added RSA blinded signature classes.
  • Added Asn1.IsisMtt namespace (ISIS-MTT ASN.1 classes).
  • Added SEED block cipher engine.
  • Added Salsa20 stream cipher engine.
  • Performance optimisations for F2m elliptic curves.
  • Fixed OpenPGP bug decrypting files with multiple types of encryption on the session key.

Release 1.0, 19th January 2007

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, X.509, and PKCS#12.
bccrypto-net-1.0-bin.zip Compiled assembly only (SharpZipLib is required, but not included).
      checksums: md5 d1ab2bcfce6fb1b03b9a42a36ee171b0 sha1 3a545c220e79a5b2115bfc4c31a5a805965e4c8f
bccrypto-net-1.0-src.zip Source code, examples, tests, documentation.
      checksums: md5 ab75e0d50fc8dbea84a9297a574b03cf sha1 bd5ca9292615431f2a7c13e071e2191c747301d5

Release 0.0, 13th October 2003

The original C# port: lcrypto-csharp-119.zip - note: the original port is now well out of date, we strongly recommend migrating to the official release stream, apart from anything BigInteger is substantially faster and the new release supports OpenPGP, PKCS#12, CMS, and TSP as well.

MD5 checksum 3d95c79f6d5c6809a44d0032f64d33e0

Patch, 22 Nov 2004: (Only required for the original C# port) BigInteger.cs Fix to prevent BigInteger prime generation in original port from going into an infinite loop.

Follow us on:  Google+   


Release 1.8.2 is now available for download.

Monday 9th April 2018

Contains an important EC math fix and many minor fixes and improvements, as well as several new algorithms, including BCrypt, BLAKE2b/2s, GOST R 34.11-2012 and DSTU-7564.

Please see the release notes for further details.

C# .NET FIPS Release 1.0.1 is now available for download.

Thursday 24th November 2016

Our first C# .NET FIPS release, certified for CLR 4 is now available at our C# .NET FIPS page.. The APIs have been tested on .NET 4.6.1, and .NET 4.5.2.

Release 1.8.1

Monday 28th December 2015

This release is largely a security release, with extra validation now added to the (D)TLS 1.2 implementation to validate the signature algorithm in Digitally Signed structures. The release also fixes issues with DTLS record-layer version handling and adds support for ASN.1 GraphicString and VideotexString.

Please see the release notes for further details.

Release 1.8.0

Sunday 22nd November 2015

This release adds support for a range of new algorithms and protocols, including SHA-3, deterministic DSA/ECDSA, client and server side TLS/DTLS 1.2 support, SipHash, and X9.31 and NIST SP 800-90A DRGBs. RFC 6637 ECDSA and ECDH has been added to the OpenPGP API and the TSP API now supports generation of certIDs with digests other than SHA-1. Performance improvements have been made in a number of areas including BigInteger.ModPow, prime generation, and EC computations over many of the NIST and SEC elliptic curves. Other enhancements and bug fixes have also been made. Finally the Serpent implementation now conforms to the NESSIE test vectors as published, and the previous version of Serpent has been made available as Tnepres.

Please see the release notes for further details.

Release 1.7

Thursday 7th April 2011

This release adds client authentication to the TLS package, in addition to compression and ECC cipher suites. The library can now also be built for Silverlight (2.0 and above) and support classes have been added for the ASN.1 structures in CRMF (RFC 4211) and CMP (RFC 4210).

See the release notes for further details.

Archive for dev-crypto-csharp.

Wednesday 28th June 2006

See the C# mailing lists page.

Sponsored Links