1. Home
  2. /
  3. Download
  4. /
  5. Download Bouncy Castle Java FIPS

Download Bouncy Castle for Java FIPS

Welcome to the download page for the FIPS-certified editions of Bouncy Castle Java. In addition to the available access options, including Maven Central and direct download, you will find searchable release notes and links to API and other documentation.

Bouncy Castle Java
hero-sub-2

Documentation

Check out the Bouncy Castle for Java documentation, including the Java FIPS documentation for clear guidance and examples.

View the Documentation

Join the Discussion

You can ask questions and learn from specialists in the Bouncy Castle Java forum on GitHub Discussions. We highly appreciate and value your input.

Go to GitHub Discussions

Report an issue

If you encounter any issues that require attention, feel free to report them in our GitHub repository. 

Report an Issue

Release notes

Find out detailed information about the latest release and search in older release notes.

Go to Release notes

Roadmap

Details about our current plans and versions in progress for Java FIPS can be found on the Java FIPS Roadmap.

View Roadmap

Donate to support the Bouncy Castle APIs

Supporting Bouncy Castle is now a substantial effort, the Java API is now over 300,000 lines, the C# one well past 140,000.

Donate

Bouncy Castle Java FIPS Downloads

Except where otherwise stated, this software is distributed under the regular Bouncy Castle license. For full details of other licenses involved, see Third party licenses

Distribution Files (JAR format)

The 2.1.0 release, BC-FJA 2.1.0 (Certificate #4943) , is certified for use on Java 8, Java 11, Java 17 and Java 21. The 2.1.1 release is a patch release on 2.1.0, going into submission. For differences see the release notes.

Note: as with the regular Java BC release, this distribution now has a bcutil jar containing classes that do not need to be in the certified provider jar. For most purposes you will need to include the bcutil jar in your application. Please see the release notes for details on this release.

Provider (patched) bc-fips-2.1.1.jar bc-fips-2.1.1-sources.jar bc-fips-2.1.1-javadoc.jar
Provider bc-fips-2.1.0.jar bc-fips-2.1.0-sources.jar bc-fips-2.1.0-javadoc.jar
ASN.1 Utility Classes bcutil-fips-2.1.4.jar bcutil-fips-2.1.4-sources.jar bcutil-fips-2.1.4-javadoc.jar
PKIX/CMS/EAC/PKCS/OCSP/TSP/OPENSSL bcpkix-fips-2.1.9.jar bcpkix-fips-2.1.9-sources.jar bcpkix-fips-2.1.9-javadoc.jar
SMIME bcmail-fips-2.1.6.jar bcmail-fips-2.1.6-sources.jar bcmail-fips-2.1.6-javadoc.jar
Jakarta SMIME bcjmail-fips-2.1.6.jar bcjmail-fips-2.1.6-sources.jar bcjmail-fips-2.1.6-javadoc.jar
OpenPGP/BCPG bcpg-fips-2.1.11.jar bcpg-fips-2.1.11-sources.jar bcpg-fips-2.1.11-javadoc.jar
DTLS/TLS API/JSSE Provider bctls-fips-2.1.20.jar bctls-fips-2.1.20-sources.jar bctls-fips-2.1.20-javadoc.jar

The 2.0.0 release, BC-FJA 2.0.0 (Certificate #4743) , is certified for use on Java 8, Java 11, Java 17 and Java 21.

Note: as with the regular Java BC release, this distribution now has a bcutil jar containing classes that do not need to be in the certified provider jar. For most purposes you will need to include the bcutil jar in your application though. Other details on differences between the 1.0.2 series and the 2.0.0 can be found in the porting guide.

Provider bc-fips-2.0.0.jar bc-fips-2.0.0-sources.jar bc-fips-2.0.0-javadoc.jar
ASN.1 Utility Classes bcutil-fips-2.0.3.jar bcutil-fips-2.0.3-sources.jar bcutil-fips-2.0.3-javadoc.jar
PKIX/CMS/EAC/PKCS/OCSP/TSP/OPENSSL bcpkix-fips-2.0.8.jar bcpkix-fips-2.0.8-sources.jar bcpkix-fips-2.0.8-javadoc.jar
SMIME bcmail-fips-2.0.5.jar bcmail-fips-2.0.5-sources.jar bcmail-fips-2.0.5-javadoc.jar
Jakarta SMIME bcjmail-fips-2.0.5.jar bcjmail-fips-2.0.5-sources.jar bcjmail-fips-2.0.5-javadoc.jar
OpenPGP/BCPG bcpg-fips-2.0.9.jar bcpg-fips-2.0.9-sources.jar bcpg-fips-2.0.9-javadoc.jar
DTLS/TLS API/JSSE Provider bctls-fips-2.0.20.jar bctls-fips-2.0.20-sources.jar bctls-fips-2.0.20-javadoc.jar

The 1.0.2.4 release, BC-FJA 1.0.2.4, is certified for use on Java 7, Java 8, Java 11, and Java 17.

Provider bc-fips-1.0.2.4.jar bc-fips-1.0.2.4-sources.jar bc-fips-1.0.2.4-javadoc.jar
PKIX/CMS/EAC/PKCS/OCSP/TSP/OPENSSL bcpkix-fips-1.0.7.jar bcpkix-fips-1.0.7-sources.jar bcpkix-fips-1.0.7-javadoc.jar
SMIME bcmail-fips-1.0.4.jar bcmail-fips-1.0.4-sources.jar bcmail-fips-1.0.4-javadoc.jar
Jakarta SMIME bcjmail-fips-1.0.4.jar bcjmail-fips-1.0.4-sources.jar bcjmail-fips-1.0.4-javadoc.jar
OpenPGP/BCPG bcpg-fips-1.0.7.1.jar bcpg-fips-1.0.7.1-sources.jar bcpg-fips-1.0.7.1-javadoc.jar
DTLS/TLS API/JSSE Provider bctls-fips-1.0.19.jar bctls-fips-1.0.19-sources.jar bctls-fips-1.0.19-javadoc.jar
Checksums

To confirm the integrity of the distributions, checksums are available:

Download BC-FJA 1.0.2.4 Checksums

Download BC-FJA 2.0.0 Checksums

Download BC-FJA 2.1.0 Checksums

Maven Central Signing Key

If you are trying to confirm the signatures for artifacts from Maven Central, you can use the public key linked below.

Download bc_maven_public_key.asc

Release notes

Find out detailed information about the latest Bouncy Castle Java FIPS releases and search in older release notes.  

Latest release Release BC-FJA 2.1.1 Release BC-FJA 2.1.0 Release BC-FJA 2.0.0 Release BC-FJA 1.0.2.4 Release BC-FJA 1.0.2.3 Release BC-FJA 1.0.2.2 Release BC-FJA 1.0.2.1 Release BC-FJA 1.0.2 Release BC-FJA 1.0.1 Release BC-FJA 1.0.0
Release BC-FJA 2.1.1
1 August, 2025
Name: bc-fips-2.1.1.jar In multi-JVM environments BC-FJA 2.1.0 could be found to create many directories for the .so files required for native support. The...

Name: bc-fips-2.1.1.jar

Defects Fixed

  • In multi-JVM environments BC-FJA 2.1.0 could be found to create many directories for the .so files required for native support. The 2.1.1 release includes the system/security property “org.bouncycastle.native.loader.install_dir” which allows a user to specify where the .so files should be found. If the directory does not exist initially the .so files will be installed in the install_dir and further invocations will check them for correctness and use them instead of creating their own copies. The .so files go into a versioned sub-directory to avoid issues with updating to new versions of the provider.
  • The JCE Cipher.doFinal() which takes input and output arrays can accidently overwrite input where the two arrays are the same and the output is offset to a different value from the input offset. This has been fixed.
  • Ed448 and Ed25519 were being dropped from the JCA provider when it was created with the org.bouncycastle.fips.approved_only set to true. This has been fixed.
  • LMS for signature verification was being dropped from the JCA provider when it was created with the org.bouncycastle.fips.approved_only set to true. This has been fixed.
  • The use of a private instance class, rather than a private static class in the AESNativeCBC class appears to be causing some garbage collectors to fail to collect native CBC ciphers when no longer in use. The class has now been made static and it appears this has resolved the garbage collection problem where it was reported.
Close