bc-java icon indicating copy to clipboard operation
bc-java copied to clipboard
verified publisher icon bcgit

Is there a version of bc-fips certified for FIPS 140-3 available on Maven?

Open praneethsf opened this issue 2 years ago • 3 comments

As per https://www.bouncycastle.org/fips_java_roadmap.html, bc-fips-2.0.0 and bc-fips-1.0.3 will be certified under FIPS 140-3. What would be the timeline for their availability on Maven?

praneethsf avatar Dec 07 '23 05:12 praneethsf

1.0.3 is currently suspended. 2.0.0 is available for early access and will be made available on Maven when it's finally certified.

As to when that happens, 2.0.0 was submitted in Jan 2022. So we're expecting it to be done "soon", but when "soon" will be is a matter for the certifying authority, we have no say or control over that.

dghgit avatar Dec 09 '23 01:12 dghgit

@dghgit Has that 2.0.0 submission since been amended to include Java (OpenJDK) 21?

🤞

larrywest avatar Feb 22 '24 00:02 larrywest

Yes. The ACVP certificate for 2.0.0 is here:

https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37009

dghgit avatar Feb 22 '24 01:02 dghgit

It's here.

https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4743

dghgit avatar Aug 02 '24 04:08 dghgit