The RSA implementation that ships with Bouncy Castle only allows the encryption of a single block of data. The RSA algorithm is not suited to streaming data and should not be used that way. In a situation like this you should encrypt the data using a randomly generated key and a symmetric cipher. After that, encrypt the randomly generated key using RSA with an appropriate padding algorithm, then send the encrypted data and the encrypted random key to the other end, where they can reverse the process (i.e. decrypt the random key using their RSA private key and then decrypt the data).


9. Is Bouncy Castle FIPS-140 certified?

At the moment, while we support all the algorithms, the answer is no. Up until recently it seemed unlikely we would be able to do this, as the costs involved are considerable and this is an all-volunteer effort; however, a charity has recently been established to take over the project and we are now able to raise funds to pay for certification. We have now managed to fund our way through a product review of the Java APIs and we also have enough funds to pay for the documentation review. We still need to raise around 40K USD for the final testing. We now have a FIPS certified API with a release version of 1.0.0. Work on 1.0.1 has also begun. Access to the unreleased 1.0.1 version is available under an early access program which we offer to people and organisations who either donate 6000 USD, or more, to the project or hold Bouncy Castle support contracts, Bronze level or above, through Crypto Workshop. The early access program also includes the CAVP test harness and other documentation in full source. If you are interested in donating to this effort in general you can donate at our donations page, or contact us if you would like further details. The 1.0.0 version is available at

10. If I am using the Bouncy Castle FIPS APIs is my application also FIPS compliant?

In general the answer to this is yes, providing you are using the API in accordance with the security policy that comes with the FIPS API. It is also possible to get third party reviews done if further assurance is required. Please contact us at Crypto Workshop if you would like further details.

11. What is Bouncy Castle's export classification in the United States of America?

Originally (pre 2017, as recorded on 16 May 2007) Bouncy Castle was classified under ECCN code 5D002 and approved for export under License Exception TSU. As at time of writing (June, 2017) the ECCN code for open source software like Bouncy Castle that has been registered (as in reviewed by BIS and released from “EI” and “NS” controls pursuant to §742.15(b) of the EAR) is now 5D992.c. If you also need to list algorithms available in the provider and the strengths supported, you can find the information in the specifications.html file provided with the distribution you are using. See the Bureau of Industry and Security website for further details.