Current FIPS Overview

The BC FIPS Java Description contains a broad overview of the motivations and design of the BC FIPS Java module.

As of BC Java 1.54 from a JCA/JCE point of view the module is largely a drop in replacement and can be used with the other BC APIs for certificate generation, CMS, TSP, S/MIME, OpenPGP and other protocols. Owing to the requirements of FIPS, particularly in respect to boundary issues the lightweight API is quite different, however the ASN.1 modules and the EC math module is the same.

Pending Release

Name: bc-fips-1.0.0.jar

BC FIPS Java 1.0.0 User Guide

BC FIPS Java 1.0.0 Security Policy

Status: The BC FIPS 1.0.0 module is currently in the NIST queue awaiting review. Progress of the module can be followed at: 

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf

The module is currently tested against the JRE 1.7 and the JRE 1.8. The module is source and byte code compatible back to JDK 1.5.

Planned Retests

We expect to do a retest of BC FIPS Java 1.0.0 against JDK 1.9 when it is finalised.

Planned Releases

bc-fips-1.1.0.jar

Scheduled Additions:

SHA-3 HMAC

SHA-3 Signature Algorithms: PKCS#1.5, RSA PSS, ECDSA, DSA

Possible Additions:

SP 800-38G: Methods for format preserving encryption

CSHAKE

KMAC