Module Name
BC-FJA (Bouncy Castle FIPS Java API)
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys
Security Level Exceptions
Embodiment
Multi-Chip Stand Alone
Description
The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.
Tested Configuration(s)
- Java SE Runtime Environment v7 (1.7.0) on Solaris 11 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade
- Java SE Runtime Environment v8 (1.8.0) on Centos 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade
- Java SE Runtime Environment v8 (1.8.0) on Ubuntu 14.04 LTS on VMWare ESXi 6.0 running on Simplivity OmniCube (single-user mode)
Approved Algorithms
AES |
Cert. #3756 |
CVL |
Certs. #704, #705 and #706 |
DRBG |
Cert. #1031 |
DSA |
Cert. #1043 |
ECDSA |
Cert. #804 |
HMAC |
Cert. #2458 |
KAS |
Cert. #73 |
KAS |
SP 800-56Arev2, vendor affirmed |
KBKDF |
Cert. #78 |
KTS |
vendor affirmed |
KTS |
AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength |
PBKDF |
vendor affirmed |
RSA |
Cert. #1932 |
SHA-3 |
Cert. #3 |
SHS |
Cert. #3126 |
Triple-DES |
Cert. #2090 |
Other Algorithms
Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; RSA (non-compliant); SCrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL