Latest Java Releases
Release 1.55 is now available for download.
This release sees further work on the post-quantum provider with the addition of the NewHope (March 2016 version) key exchange algorithm and the SPHINCS signature algorithm. The McEliece implementation has also been revised and now has KeyFactory implementation for it as well. The DANE API has been updated to reflect the latest standard changes. SHA-3 support has been added for HMAC as well as for the DSA, ECDSA, DDSA, and ECDDSA signature algorithms. SHA-3 support has also been added for RSA signatures and OAEP encryption. Support has been added for the GOST R34.11-2012 message digest as well. The TSP API now supports millisecond resolution in time-stamps and TLS supports RFC 7685 and ECDH_anon key exchange. The CMS password recipient generator now supports PRFs other than SHA-1 as well. In terms of bug fixes: issues with cloning of BLAKE digests, an occasional error in the Poly1305 calculator, UserNotice issues with empty sequences, and validation issues with time-stamp requests containing extensions have all been fixed. CRMF now recognises when non-default OAEP parameters are used and issues around the encoding of parameters for ECIES/IES have also been addressed.
Further details on other additions and bug fixes can be found in the release notes file accompanying the release.
Change Warning (users of 1.52 or earlier): The PEM Parser now returns an X509TrustedCertificate block when parsing an openssl trusted certificate, the new object was required to allow the proper return of the trusted certificate's attribute block. Please also see the porting guide for advice on porting to this release from much earlier ones (release 1.45 or earlier).
Others have contributed to this release, both with code and/or financially. You can find them listed in the contributors file. We would also like to thank holders of Crypto Workshop support contracts for additional time that was contributed back to this release through left over consulting time provided as part of their support agreements. Thank you, one and all!
If you're interested in grabbing the lot in one hit (includes JCE, JCE provider, light weight API, J2ME, range of JDK compatibility classes, signed jars, fries, and king prawns...) download crypto-155.tar.gz or crypto-155.zip, otherwise if you are only interested in one version in particular, see below. Early access to our FIPS hardened version of the Java APIs is now available as well, contact us at email@example.com for further information.
Are you serious about your cryptography?
If you have gotten this far you would have worked out that while we try not to take ourselves too seriously, we're very serious about what we do.
The Bouncy Castle project is now funded by a mixture of donations and support contracts through Crypto Workshop. The money raised through these efforts funds certification, lab testing, and developer time that's needed to review contributions, implement new algorithms and standards, as well as maintain the existing set of APIs. These are all serious things, and we undertsand that these tasks, and others, need to be done.
So, if you are as serious as we are about this, get a support contract, consider sponsoring some work, or if you don't have the resources for that consider a visit to our donations page. If you do get a support contract or sponsor some major work, your organisation will also benefit from a closer working relationship with the Bouncy Castle developers and our FIPS early access program. It's up to you.
Signed JAR files
From release 1.40 some implementations of encryption algorithms were removed from the regular jar files at the request of a number of users. Jars with names of the form *-ext-* still include these (at the moment the list is: NTRU).
|Provider||Clean room JCE|
|JDK 1.5 - JDK 1.8||bcprov-jdk15on-155.jar
The following signed provider jars are provided so that you can make use of the debug information in them. In the case of the non-provider jars (bcpkix, bcpg, and bcmail), the jar files do not need to be signed to work. You can rebuild them with debug turned on, or operate directly from the source, if you need.
|Providers with debug|
|JDK 1.5 - JDK 1.8||bcprov-debug-jdk15on-155.jar||bcprov-ext-debug-jdk15on-155.jar|
Sources and JavaDoc
|JDK 1.5 - JDK 1.8||bcpkix-jdk15on-155.tar.gz||bcpkix-jdk15on-155.zip|
|JDK 1.5 - JDK 1.8||bcpg-jdk15on-155.tar.gz||bcpg-jdk15on-155.zip|
|JDK 1.5 - JDK 1.8||bcmail-jdk15on-155.tar.gz||bcmail-jdk15on-155.zip|
|JCE with provider and lightweight API||Lightweight API|
|JDK 1.5 - JDK 1.8||bcprov-jdk15on-155.tar.gz||bcprov-jdk15on-155.zip||lcrypto-jdk15on-155.tar.gz||lcrypto-jdk15on-155.zip|
|Releases no longer maintained|
You can find the release notes, documentation, and specifications here.
You can find checksums for confirming the integrity of the distributions here
Too slow? You can also find the latest versions on one of our mirrors:
The current working betas, when available, for the next release for JDK 1.3 to JDK 1.8 can be found at http://www.bouncycastle.org/betas. If you need a beta to be made available for another version of Java please ask by emailing firstname.lastname@example.org.
The BC jars are now mirrored on the Maven central repository. You can find them at http://repo2.maven.org/maven2/org/bouncycastle.
Just want to look at the source? The source code repository is now mirrored on GitHub and accessible from here. The repository can be cloned using either
git clone https://github.com/bcgit/bc-java.gitor git protocol
git clone git://github.com/bcgit/bc-java.git
Previous releases, as well as the latest ones, can be downloaded from our ftp server ftp.bouncycastle.org. Please note the FTP server does not support passive mode.