9. Is Bouncy Castle FIPS-140 certified?
At the moment, while we support all the algorithms, the answer is no. Up until recently it seemed unlikely we'll be able to do this as the costs involved are considerable and this is an all volunteer effort, however recently a charity has been established to take over the project and we are now able to raise funds to pay for certification. We now have a FIPS ready API which will be going in for testing soon and we are offering early access We now have FIPS certified API with a release version of 1.0.0. Work on 1.0.1 has also begun. Access to the unreleased 1.0.1 version is available under an early access program which we offer to people and organisations who either donate 6000 USD, or more, to the project or hold Bouncy Castle support contracts, Bronze level or above, through Crypto Workshop . The early access program also includes the CAVP test harness and other documentation in full source. If you are interested in donating to this effort in general you can donate at our donations page. Contact or contact us at email@example.com if you would like further details. The 1.0.0 version is available at https://www.bouncycastle.org/fips-java
10. If I am using the Bouncy Castle FIPS APIs is my application also FIPS compliant?
In general the answer to this is yes, providing you are using the API in accordance with the security policy that comes with the FIPS API. It is also possible to get third party reviews done if further assurance is required. Please contact us at Crypto Workshop if you would like further details.
11. What is Bouncy Castle's export classification in the United States of America?
At the time of writing (16 May 2007Originally (pre 2017) Bouncy Castle is was approved classified under ECCN code 5D002 and approved for export under License Exception TSU. As at this time of writing (June, 2017) the ECCN code for open source software like Bouncy Castle that has been registered (as in reviewed by BIS and released from “EI” and “NS” controls pursuant to §742.15(b) of the EAR), is now 5D992.c If you also need to list algorithms available in the provider and the strengths supported, you can find the information in the specifications.html file provided with the distribution you are using. See The Bureau of Industry and Security website for further details.