Module Name
BC-FNA (Bouncy Castle FIPS .NET API)
Historical Reason
Moved to historical list due to sunsetting
Caveat
When installed, initialized and configured as specified in the Security Policy Section 8 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.
Security Level Exceptions
Embodiment
Multi-Chip Stand Alone
Description
The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well.
Tested Configuration(s)
- Microsoft Windows 10 Professional (64-bit) on .NET 4.5.2 framework running on Dell XPS 15 7590 with Intel Core i7-9750H (single-user mode)
Approved Algorithms
AES |
Cert. #C2202 |
CVL |
Cert. #C2202 |
DRBG |
Cert. #C2202 |
DSA |
Cert. #C2202 |
ECDSA |
Cert. #C2202 |
HMAC |
Cert. #C2202 |
KAS-SSC |
vendor affirmed |
KTS |
AES Cert. #C2202; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
Triple-DES Cert. #C2202; key establishment methodology provides 112 bits of encryption strength |
KTS |
vendor affirmed |
PBKDF |
vendor affirmed |
RSA |
Cert. #C2202 |
SHA-3 |
Cert. #C2202 |
SHS |
Cert. #C2202 |
Triple-DES |
Cert. #C2202 |
Other Algorithms
MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ARC4; Camellia; ChaCha; ElGamal; NewHope; OpenSSL PBKDF; PKCS#12 PBKDF; Poly1305; SEED; Serpent; SPHINCS-256
Software Versions
1.0.1.1