Module Name
BC-FJA (Bouncy Castle FIPS Java API)
Validation Dates
12/17/2019
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.
Tested Configuration(s)
- Centos 6.4 with on Java SE Runtime Environment v8 (1.8.0) on vSphere 6 running on a Cisco UCSB-B200-M4 Blade with an Intel® Xeon® E5
- Solaris 11 with on Java SE Runtime Environment v7 (1.7.0) on vSphere 6 running on a Cisco UCSB-B200-M4 Blade with an Intel® Xeon® E5
- Ubuntu 14.04 LTS on Java SE Runtime Environment v8 (1.8.0) on VMWare ESXi 6.0 running on Simplivity OmniCube with an Intel® Xeon® E5 (single-user mode)
FIPS Algorithms
| AES |
Cert. #3756 |
| CVL |
Certs. #704, #705 and #706 |
| DRBG |
Cert. #1031 |
| DSA |
Cert. #1043 |
| ECDSA |
Cert. #804 |
| HMAC |
Cert. #2458 |
| KAS |
Cert. #73 |
| KAS |
SP 800-56Arev2, vendor affirmed |
| KBKDF |
Cert. #78 |
| KTS |
vendor affirmed |
| KTS |
AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength |
| KTS |
Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength |
| PBKDF |
vendor affirmed |
| RSA |
Cert. #1932 |
| SHA-3 |
Cert. #3 |
| SHS |
Cert. #3126 |
| Triple-DES |
Cert. #2090 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)
