Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Module Validation Program

Certificate #2768

Details

Module Name
BC-FJA (Bouncy Castle FIPS Java API)
Standard
FIPS 140-2
Status
Active
Sunset Date
10/11/2021
Validation Dates
10/12/2016
3/26/2018
Overall Level
1
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys
Security Level Exceptions
  • Physical Security: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.
Tested Configuration(s)
  • Java SE Runtime Environment v7 (1.7.0) on Solaris 11 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade
  • Java SE Runtime Environment v8 (1.8.0) on Centos 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade
  • Java SE Runtime Environment v8 (1.8.0) on Ubuntu 14.04 LTS on VMWare ESXi 6.0 running on Simplivity OmniCube (single-user mode)
FIPS Algorithms
AES Cert. #3756
CVL Certs. #704, #705 and #706
DRBG Cert. #1031
DSA Cert. #1043
ECDSA Cert. #804
HMAC Cert. #2458
KAS Cert. #73
KAS SP 800-56Arev2, vendor affirmed
KBKDF Cert. #78
KTS vendor affirmed
KTS AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength
PBKDF vendor affirmed
RSA Cert. #1932
SHA-3 Cert. #3
SHS Cert. #3126
Triple-DES Cert. #2090
Other Algorithms
Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; RSA (non-compliant); SCrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL
Software Versions
1.0.0

Vendor

Legion of the Bouncy Castle Inc.
85 The Crescent
Ascot Vale, Victoria 3032
Australia

David Hook
dgh@bouncycastle.org
Phone: +61438170390
Fax: n/a
Jon Eaves
jon@bouncycastle.org
Phone: +61417502969
Fax: n/a

Lab

InfoGard Laboratories, Inc.
NVLAP Code: 100432-0