BC-FJA (Bouncy Castle FIPS Java API)

Certificate #4743

Webpage information ?

Status active
Validation dates 29.07.2024
Sunset date 28-07-2029
Standard FIPS 140-3
Security level 1
Type Software
Embodiment Multi-Chip Stand Alone
Caveat When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).
Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.
Tested configurations
  • VMware Photon OS 4.0 with Java SE Runtime Environment v8 on VMware ESXi 8.0 running on Dell PowerEdge R650 with Intel Xeon Gold 6330, VMware Photon OS 4.0 with Java SE Runtime Environment v11 on VMware ESXi 8.0 running on Dell PowerEdge R650 with Intel Xeon Gold 6330, VMware Photon OS 4.0 with Java SE Runtime Environment v17 on VMware ESXi 8.0 running on Dell PowerEdge R650 with Intel Xeon Gold 6330, VMware Photon OS 5.0 with Java SE Runtime Environment v21 on VMware ESXi 8.0 running on Dell PowerEdge R650 with Intel Xeon Gold 6330
Vendor Legion of the Bouncy Castle Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, AES-, AES-128, AES-192, Twofish, Serpent, CAST5, CAST, RC4, RC2, DES, Triple-DES, TDEA, TDES, ChaCha20, Poly1305, IDEA, Blowfish, Camellia, SEED, HMAC, HMAC-SHA-256, KMAC, CMAC, CBC-MAC
Asymmetric Algorithms
RSA-OAEP, ECDSA, EdDSA, ECC, Diffie-Hellman, DH, DSA
Post-quantum Algorithms
LMS
Hash functions
SHA-1, SHA-256, SHA-224, SHA-384, SHA-512, SHA2, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA-3, SHA3, SHAKE128, SHAKE256, MD5, RIPEMD128, RIPEMD160, RIPEMD320, RIPEMD256, RIPEMD, scrypt, PBKDF, PBKDF2
Schemes
MAC, Key Agreement, AEAD
Protocols
SSH, TLS, TLS 1.2, TLSv1.2, TLS 1.0, TLS 1.1, IKEv2, PGP
Randomness
PRNG, DRBG, RNG, RBG
Libraries
OpenSSL, BouncyCastle
Elliptic Curves
P-256, P-384, P-521, P-224, P-192, K-233, K-283, K-409, K-571, B-233, B-409, B-571, B-283, K-163, B-163, Ed25519, Ed448
Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM

JavaCard API constants
X25519, X448
Trusted Execution Environments
SSC, SE
Vendor
Microsoft

Security level
Level 1
Side-channel analysis
timing attacks, timing attack

Standards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS 202, FIPS 186-3, FIPS PUB 140-3, SP 800-38A, SP 800-38G, SP 800-38C, SP 800-38B, SP 800-38D, SP 800-132, SP 800-38F, SP 800-185, NIST SP 800-107, SP 800-90B, NIST SP 800-90C, SP 800-89, SP 800-90A, PKCS #1, PKCS1, PKCS#12, PKCS#5, PKCS#1, RFC 8708, RFC 7914, ISO/IEC 24759

File metadata

Author Sowndar Gillan
Creation date D:20240723184301-04'00'
Modification date D:20240723184917-04'00'
Pages 52
Creator Acrobat PDFMaker 24 for Word
Producer Adobe PDF Library 24.2.121

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 12.08.2024 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf.
  • 03.08.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4743,
  "dgst": "b444aa2fe427a388",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "TupleHash-128A4399",
        "ECDSA SigVer (FIPS186-4)A4399",
        "RSA Decryption PrimitiveA4399",
        "HMAC-SHA3-512A4399",
        "KAS-FFC Sp800-56Ar3A4399",
        "AES-CCMA4399",
        "ECDSA SigGen (FIPS186-4)A4399",
        "DSA PQGGen (FIPS186-4)A4399",
        "SHAKE-128A4399",
        "SHA3-512A4399",
        "KAS-IFCA4399",
        "ECDSA KeyVer (FIPS186-4)A4399",
        "SHA3-256A4399",
        "DSA PQGVer (FIPS186-4)A4399",
        "HMAC-SHA-1A4399",
        "KDF SRTPA4399",
        "SHA2-512/256A4399",
        "AES-CBC-CS1A4399",
        "SHA2-512/224A4399",
        "DSA SigVer (FIPS186-4)A4399",
        "KDF TLSA4399",
        "SHA2-224A4399",
        "Hash DRBGA4399",
        "RSA KeyGen (FIPS186-4)A4399",
        "KAS-ECC Sp800-56Ar3A4399",
        "cSHAKE-256A4399",
        "AES-CFB8A4399",
        "HMAC DRBGA4399",
        "SHAKE-256A4399",
        "KDF SSHA4399",
        "SHA2-384A4399",
        "ECDSA KeyGen (FIPS186-4)A4399",
        "Counter DRBGA4399",
        "AES-GMACA4399",
        "AES-KWPA4399",
        "HMAC-SHA2-256A4399",
        "KMAC-128A4399",
        "SHA2-256A4399",
        "DSA KeyGen (FIPS186-4)A4399",
        "KDA TwoStep SP800-56Cr2A4399",
        "HMAC-SHA3-224A4399",
        "SHA3-224A4399",
        "RSA Signature PrimitiveA4399",
        "HMAC-SHA2-512/256A4399",
        "ParallelHash-128A4399",
        "SHA-1A4399",
        "DSA SigGen (FIPS186-4)A4399",
        "Safe Primes Key GenerationA4399",
        "TupleHash-256A4399",
        "SHA2-512A4399",
        "AES-CTRA4399",
        "PBKDFA4399",
        "KMAC-256A4399",
        "HMAC-SHA3-384A4399",
        "KDF ANS 9.63A4399",
        "KDF SP800-108A4399",
        "HMAC-SHA2-512A4399",
        "AES-GCMA4399",
        "cSHAKE-128A4399",
        "AES-OFBA4399",
        "AES-FF1A4399",
        "Safe Primes Key VerificationA4399",
        "RSA SigVer (FIPS186-4)A4399",
        "AES-KWA4399",
        "HMAC-SHA2-384A4399",
        "KDF IKEv2A4399",
        "AES-ECBA4399",
        "ParallelHash-256A4399",
        "KDA HKDF SP800-56Cr2A4399",
        "RSA SigVer (FIPS186-2)A4399",
        "KTS-IFCA4399",
        "SHA3-384A4399",
        "KDF SNMPA4399",
        "RSA SigGen (FIPS186-4)A4399",
        "HMAC-SHA2-224A4399",
        "AES-CFB128A4399",
        "AES-CBCA4399",
        "HMAC-SHA3-256A4399",
        "AES-CBC-CS3A4399",
        "KDA OneStep SP800-56Cr2A4399",
        "HMAC-SHA2-512/224A4399",
        "AES-CMACA4399",
        "AES-CBC-CS2A4399"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "-"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 2
          },
          "ECDSA": {
            "ECDSA": 17
          },
          "EdDSA": {
            "EdDSA": 2
          }
        },
        "FF": {
          "DH": {
            "DH": 12,
            "Diffie-Hellman": 7
          },
          "DSA": {
            "DSA": 28
          }
        },
        "RSA": {
          "RSA-OAEP": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 7
        },
        "CCM": {
          "CCM": 5
        },
        "CFB": {
          "CFB": 1
        },
        "CTR": {
          "CTR": 7
        },
        "ECB": {
          "ECB": 4
        },
        "GCM": {
          "GCM": 18
        },
        "OFB": {
          "OFB": 4
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "BouncyCastle": {
          "BouncyCastle": 1
        },
        "OpenSSL": {
          "OpenSSL": 2
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKEv2": 11
        },
        "PGP": {
          "PGP": 1
        },
        "SSH": {
          "SSH": 10
        },
        "TLS": {
          "TLS": {
            "TLS": 25,
            "TLS 1.0": 1,
            "TLS 1.1": 1,
            "TLS 1.2": 3,
            "TLSv1.2": 2
          }
        }
      },
      "crypto_scheme": {
        "AEAD": {
          "AEAD": 1
        },
        "KA": {
          "Key Agreement": 9
        },
        "MAC": {
          "MAC": 9
        }
      },
      "device_model": {},
      "ecc_curve": {
        "Edwards": {
          "Ed25519": 2,
          "Ed448": 2
        },
        "NIST": {
          "B-163": 1,
          "B-233": 7,
          "B-283": 3,
          "B-409": 6,
          "B-571": 5,
          "K-163": 1,
          "K-233": 5,
          "K-283": 3,
          "K-409": 6,
          "K-571": 4,
          "P-192": 2,
          "P-224": 10,
          "P-256": 12,
          "P-384": 12,
          "P-521": 8
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 4
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES- 256": 1,
          "AES-128": 1,
          "AES-192": 1,
          "AES-CTR 256": 1,
          "AES-GCM Decrypt KAT (128": 1,
          "AES-GCM Encrypt KAT (128": 1,
          "DRBG 1": 1,
          "DRBG16": 18,
          "DRBG7": 1,
          "DSA2": 1,
          "HMAC SHA- 512/224": 1,
          "HMAC SHA- 512/256": 3,
          "HMAC SHA-1": 3,
          "HMAC SHA-224": 3,
          "HMAC SHA-256": 4,
          "HMAC SHA-384": 3,
          "HMAC SHA-512": 3,
          "HMAC SHA-512/224": 2,
          "HMAC-SHA-256": 2,
          "PAA 2": 1,
          "PAA 3": 1,
          "PAA 4": 1,
          "PKCS #1": 8,
          "PKCS#1": 6,
          "PKCS#12": 6,
          "PKCS#5": 6,
          "PKCS1": 8,
          "SHA- 2": 1,
          "SHA- 224": 2,
          "SHA- 384": 1,
          "SHA- 512": 2,
          "SHA-1": 14,
          "SHA-224": 6,
          "SHA-256": 10,
          "SHA-3": 8,
          "SHA-384": 7,
          "SHA-512": 6,
          "SHA2": 1,
          "SHA2- 224": 3,
          "SHA2-224": 2,
          "SHA2-256": 8,
          "SHA2-384": 6,
          "SHA2-512": 7,
          "SHA3": 1,
          "SHA3- 256": 1,
          "SHA3- 512": 3,
          "SHA3-224": 7,
          "SHA3-256": 6,
          "SHA3-384": 7,
          "SHA3-512": 4
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 5
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 6
          }
        },
        "PBKDF": {
          "PBKDF": 20,
          "PBKDF2": 2
        },
        "RIPEMD": {
          "RIPEMD": 1,
          "RIPEMD128": 2,
          "RIPEMD160": 2,
          "RIPEMD256": 1,
          "RIPEMD320": 2
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 14
          },
          "SHA2": {
            "SHA-224": 6,
            "SHA-256": 10,
            "SHA-384": 7,
            "SHA-512": 6,
            "SHA2": 1
          },
          "SHA3": {
            "SHA-3": 8,
            "SHA3": 1,
            "SHA3-224": 7,
            "SHA3-256": 6,
            "SHA3-384": 7,
            "SHA3-512": 4
          }
        },
        "SHAKE": {
          "SHAKE128": 1,
          "SHAKE256": 2
        },
        "scrypt": {
          "scrypt": 1
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {
        "curves": {
          "X25519": 2,
          "X448": 2
        }
      },
      "javacard_packages": {
        "java": {
          "java.security": 2
        },
        "org": {
          "org.bouncycastle.crypto": 1,
          "org.bouncycastle.entropy": 1,
          "org.bouncycastle.fips": 2,
          "org.bouncycastle.util": 1
        }
      },
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {
        "LMS": {
          "LMS": 1
        }
      },
      "randomness": {
        "PRNG": {
          "DRBG": 61,
          "PRNG": 2
        },
        "RNG": {
          "RBG": 2,
          "RNG": 2
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "timing attack": 1,
          "timing attacks": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 13,
          "FIPS 180-4": 2,
          "FIPS 186-3": 1,
          "FIPS 186-4": 7,
          "FIPS 197": 2,
          "FIPS 198-1": 2,
          "FIPS 202": 2,
          "FIPS PUB 140-3": 1
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "NIST SP 800-107": 1,
          "NIST SP 800-90C": 1,
          "SP 800-132": 4,
          "SP 800-185": 1,
          "SP 800-38A": 3,
          "SP 800-38B": 2,
          "SP 800-38C": 2,
          "SP 800-38D": 3,
          "SP 800-38F": 2,
          "SP 800-38G": 2,
          "SP 800-89": 1,
          "SP 800-90A": 1,
          "SP 800-90B": 3
        },
        "PKCS": {
          "PKCS #1": 4,
          "PKCS#1": 3,
          "PKCS#12": 3,
          "PKCS#5": 3,
          "PKCS1": 4
        },
        "RFC": {
          "RFC 7914": 1,
          "RFC 8708": 2
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 46,
            "AES-": 6,
            "AES-128": 1,
            "AES-192": 1
          },
          "CAST": {
            "CAST": 3,
            "CAST5": 1
          },
          "RC": {
            "RC2": 1,
            "RC4": 1
          },
          "Serpent": {
            "Serpent": 1
          },
          "Twofish": {
            "Twofish": 1
          }
        },
        "DES": {
          "3DES": {
            "TDEA": 7,
            "TDES": 1,
            "Triple-DES": 7
          },
          "DES": {
            "DES": 4
          }
        },
        "constructions": {
          "MAC": {
            "CBC-MAC": 1,
            "CMAC": 7,
            "HMAC": 67,
            "HMAC-SHA-256": 1,
            "KMAC": 14
          }
        },
        "djb": {
          "ChaCha": {
            "ChaCha20": 2
          },
          "Poly": {
            "Poly1305": 2
          }
        },
        "miscellaneous": {
          "Blowfish": {
            "Blowfish": 1
          },
          "Camellia": {
            "Camellia": 1
          },
          "IDEA": {
            "IDEA": 1
          },
          "SEED": {
            "SEED": 1
          }
        }
      },
      "tee_name": {
        "IBM": {
          "SE": 79,
          "SSC": 1
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "Microsoft": {
          "Microsoft": 12
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Sowndar Gillan",
      "/Company": "",
      "/CreationDate": "D:20240723184301-04\u002700\u0027",
      "/Creator": "Acrobat PDFMaker 24 for Word",
      "/ModDate": "D:20240723184917-04\u002700\u0027",
      "/Producer": "Adobe PDF Library 24.2.121",
      "/SourceModified": "D:20240717172509",
      "/Title": "",
      "pdf_file_size_bytes": 1388537,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "mailto:[email protected]",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34251",
          "https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=16951",
          "https://www.bouncycastle.org/",
          "https://nvd.nist.gov/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 52
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "75e479f56d8ed9a6e740270d913e0bdc6cf5480b5780a374c581e1195bcd20e8",
    "policy_txt_hash": "acc11cadc0df6cc63f708f99d10ab32e23dca81629c2e815c10daf3bbd59c8c8"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/July 2024_010824_1146.pdf",
    "date_sunset": "2029-07-28",
    "description": "The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "BC-FJA (Bouncy Castle FIPS Java API)",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": "2.0.0",
    "tested_conf": [
      "VMware Photon OS 4.0 with Java SE Runtime Environment v8 on VMware ESXi 8.0 running on Dell PowerEdge R650 with Intel Xeon Gold 6330, VMware Photon OS 4.0 with Java SE Runtime Environment v11 on VMware ESXi 8.0 running on Dell PowerEdge R650 with Intel Xeon Gold 6330, VMware Photon OS 4.0 with Java SE Runtime Environment v17 on VMware ESXi 8.0 running on Dell PowerEdge R650 with Intel Xeon Gold 6330, VMware Photon OS 5.0 with Java SE Runtime Environment v21 on VMware ESXi 8.0 running on Dell PowerEdge R650 with Intel Xeon Gold 6330"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-07-29",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Legion of the Bouncy Castle Inc.",
    "vendor_url": "https://www.bouncycastle.org/"
  }
}