2025-06-09
We are happy to announce the latest Bouncy Castle releases: Bouncy Castle Java 1.81 and Bouncy Castle C# .NET 2.6.1. These releases deliver critical updates in Post-Quantum Cryptography (PQC), interoperability, and lightweight cryptography for IoT. These enhancements are aimed at developers and engineering teams looking to stay ahead in cryptographic standards, with tangible benefits for security-conscious organizations preparing for a post-quantum future.
Both Bouncy Castle Java and C# .NET now support the finalized PKCS#8 private key formats for NIST PQC algorithms as defined by the IETF. This delivers reliable interoperability with other providers like OpenSSL 3.5 and supports seed-only and expanded-key encoding.
Who benefits: Teams archiving keys via CRMF or needing seamless cross-vendor compatibility.
Why it matters: Stable, interoperable private key formats reduce storage size and enhance ecosystem integration.
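To check which of these encodings an archived ML-DSA key actually uses, the following added example (not Bouncy Castle code) classifies a PKCS#8 blob by the tag of the inner private key. It assumes the CHOICE layout and sizes from the IETF LAMPS ML-DSA specification (seed as `[0]` with 32 bytes, expandedKey as an OCTET STRING, or both in a SEQUENCE), which this page does not spell out; `sample_key` and `tlv` are hypothetical helpers and the sample key bytes are constructed zeros.

```python
# Assumed from the IETF LAMPS ML-DSA spec (not this page): last OID arc -> expanded size.
ML_DSA = {17: ("ML-DSA-44", 2560), 18: ("ML-DSA-65", 4032), 19: ("ML-DSA-87", 4896)}
OID_PREFIX = bytes.fromhex("6086480165030403")  # 2.16.840.1.101.3.4.3
def read_tlv(buf, pos=0):  # returns (tag, value, next_pos) for one DER element
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def classify_pkcs8(der):  # returns (parameter set, "seed" | "expandedKey" | "both")
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    _, _, pos = read_tlv(body)                 # version INTEGER
    _, alg, pos = read_tlv(body, pos)          # AlgorithmIdentifier
    otag, oid, _ = read_tlv(alg)
    if otag != 0x06 or oid[:-1] != OID_PREFIX or oid[-1] not in ML_DSA:
        raise ValueError("not an ML-DSA key")
    name, expanded = ML_DSA[oid[-1]]
    ptag, priv, _ = read_tlv(body, pos)        # privateKey OCTET STRING
    itag, inner, iend = read_tlv(priv)         # the CHOICE it wraps
    if ptag != 0x04 or iend != len(priv):
        raise ValueError("malformed privateKey field")
    if itag == 0x80 and len(inner) == 32:      # seed [0] IMPLICIT OCTET STRING
        return name, "seed"
    if itag == 0x04 and len(inner) == expanded:
        return name, "expandedKey"
    if itag == 0x30:                           # both: SEQUENCE { seed, expandedKey }
        t1, seed, p = read_tlv(inner)
        t2, exp, _ = read_tlv(inner, p)
        if (t1, t2) == (0x04, 0x04) and (len(seed), len(exp)) == (32, expanded):
            return name, "both"
    raise ValueError("unrecognised private key encoding")

def tlv(tag, value):  # minimal DER encoder, used only to build the constructed samples
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_key(arc, inner):  # constructed PKCS#8 wrapper; zero bytes, not a real key
    alg = tlv(0x30, tlv(0x06, OID_PREFIX + bytes([arc])))
    return tlv(0x30, tlv(0x02, b"\x00") + alg + tlv(0x04, inner))
```

Run over a key archive, a seed-only result means the expanded key must be re-derived on load, so every consumer of that archive needs a provider that supports the seed form.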
Support for ML-DSA and SLH-DSA signatures in CMS SignedData is now available in both Java and C# .NET.
Who benefits: Security architects and developers building solutions for signing artifacts in quantum-aware environments.
Why it matters: Enables use of stateless PQC signatures, avoiding the operational complexity and risk of stateful algorithms like XMSS/LMS.
Note: The IETF standards for CMS SignedData generation using ML-DSA and SLH-DSA are still in draft form, but they appear to be stable.
Bouncy Castle Java and Bouncy Castle C# .NET now reflect the latest changes from SP 800-232 drafts, ensuring compatibility with NIST’s Ascon algorithm suite for constrained devices.
Who benefits: IoT solution builders working with embedded systems or memory-constrained environments.
Why it matters: Ascon is emerging as the lightweight standard — Bouncy Castle ensures you are aligned and ready.
Bouncy Castle Java’s JSSE now includes TLS support for ML-KEM-only and hybrid ML-KEM/classical cipher suites, aligned with the IETF’s latest drafts.
Who benefits: Organizations mitigating "harvest-now-decrypt-later" risks in TLS.
Why it matters: Owing to concerns around “capture then decrypt”, there has been widespread adoption of the IETF drafts for ML-KEM and hybrid ML-KEM/classical, particularly the hybrid case. This addition in Bouncy Castle allows users to make use of these cipher suites more generally and to interoperate with environments using OpenSSL or BoringSSL that are configured to handle these new PQC-based cipher suites.
Note: Bouncy Castle C# .NET already supports ML-KEM-only TLS. Work is ongoing for hybrid suite support.
Bouncy Castle C# .NET now includes an updated implementation of HQC, the second post-quantum KEM selected by NIST.
Who benefits: R&D teams designing crypto-agile systems or evaluating alternatives to lattice-based PQC.
Why it matters: At the moment, there is only one standardized KEM algorithm, ML-KEM. Apart from providing users with an algorithm relying on different principles, having a second KEM algorithm in HQC on the way makes it possible to properly design and test KEM-based systems with a view to evaluating their crypto agility.
Whether you are building secure IoT systems, implementing cryptographic protocols, or future-proofing enterprise applications, these updates:
Bouncy Castle Java 1.81 Release notes
Bouncy Castle C# .NET 2.6.1 Release notes