Module Name
BC-FJA (Bouncy Castle FIPS Java API)
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The Bouncy Castle FIPS Java API is a comprehensive suite of FIPS Approved algorithms implemented in pure Java. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms are available in non-approved operation as well.
Tested Configuration(s)
- Centos 6.4 with on Java SE Runtime Environment v8 (1.8.0) on vSphere 6 running on a Cisco UCSB-B200-M4 Blade with an Intel® Xeon® E5
- Solaris 11 with on Java SE Runtime Environment v7 (1.7.0) on vSphere 6 running on a Cisco UCSB-B200-M4 Blade with an Intel® Xeon® E5
- Ubuntu 14.04 LTS on Java SE Runtime Environment v8 (1.8.0) on VMWare ESXi 6.0 running on Simplivity OmniCube with an Intel® Xeon® E5 (single-user mode)
Approved Algorithms
AES |
Cert. #3756 |
CVL |
Certs. #704, #705 and #706 |
DRBG |
Cert. #1031 |
DSA |
Cert. #1043 |
ECDSA |
Cert. #804 |
HMAC |
Cert. #2458 |
KAS |
Cert. #73 |
KAS |
SP 800-56Arev2, vendor affirmed |
KBKDF |
Cert. #78 |
KTS |
vendor affirmed |
KTS |
AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength |
KTS |
Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength |
PBKDF |
vendor affirmed |
RSA |
Cert. #1932 |
SHA-3 |
Cert. #3 |
SHS |
Cert. #3126 |
Triple-DES |
Cert. #2090 |
Allowed Algorithms
Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)