Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated FIPS statements


At the moment, while we support all the algorithms, the answer is no. Up until recently it seemed unlikely we'll be able to do this as the costs involved are considerable and this is an all volunteer effort, however recently a charity has been established to take over the project and we are now able to raise funds to pay for certification. We have now raised the funds for a FIPS version of the Java APIs. As a result we now have a FIPS ready API which will be going in for testing soon and we are offering early access to people and organisations who either donate to the project or hold  Bouncy Castle support contracts through Crypto Workshop .  If you are interested in donating to this effort you can donate at our donations page. Contact us at if you would like further details.

10. If I am using the Bouncy Castle FIPS APIs is my application also FIPS compliant?

In general the answer to this is yes, providing you are using the API in accordance with the security policy that comes with the FIPS API. It is also possible to get third party reviews done if further assurance is required. Please contact us at Crypto Workshop if you would like further details.

11. What is Bouncy Castle's export classification in the United States of America?

At the time of writing (16 May 2007) Bouncy Castle is approved classified under ECCN code 5D002 and approved for export under License Exception TSU. If you also need to list algorithms available in the provider and the strengths supported, you can find the information in the specifications.html file provided with the distribution you are using. See The Bureau of Industry and Security website for further details.