Do we use any obscure algorithms with BC? -------- Original Message -------- Subject: [announce-crypto] FIPS for BC Java News. Date: Wed, 14 May 2014 22:28:09 +1000 From: David Hook <d...@autochthonous.org> Reply-To: d...@autochthonous.org To: dev-cry...@bouncycastle.org <dev-cry...@bouncycastle.org>, announce-cry...@bouncycastle.org
Hi all, Some news about FIPS and the Bouncy Castle Java API. After initial funding, we completed a product review on the FIPS work just over a month ago. It's taken us till now to deal with all the issues that were raised and we are now in the process of getting ready for a documentation review. We have already raised the funds for the documentation review, however we still need to raise the funds for testing. So as part of this we are now willing to offer early access to the FIPS API and provider for interested parties. The FIPS work has required major changes to the lightweight API, and some small changes to the provider level code. Note: not all algorithms currently available in the BC provider are available in the FIPS release. A full set of the extra algorithms appropriate for OpenPGP and CMS will be available in the FIPS release where the module is not being used in FIPS-approved mode. We have a general document about the API, changes, and motivations at: http://www.bouncycastle.org/fips/BCFipsDescription-20140504.pdf If everything goes according to plan we expect to be able to make the APIs available by the end of the year. Apart from getting early access before then, other reasons why it might be worth getting involved include: - the algorithm set for non-FIPS approved mode is not yet finalised, but it is unlikely to include everything in the regular BC release. If there's an algorithm not on the current list that you need badly, now is the time to bring it up. It will be some time before we do this again. - NIST certify Java modules on the basis of processor family, operating system, and the JVM major version number. If you want to minimise testing costs associated with your application now is also a good time to get involved as it may save you the need to re-certify on a platform we don't cover. - doing this means we have to write extra JavaDoc, if your involved there's a good chance it'll be in a shape that's useful to you, as well as to the certification process (not that I'm implying that we'll do the minimum required to get it passed... but, JavaDoc is nowhere near as precise as Java, so some additional, external, "natural-language analysis" is bound to improve it). - this will be open source, you will be in a position to see exactly how everything works as well as what gets used. Consider what that might mean to you and your users. Finally, we'd like to thank all those who have donated towards this, especially our main sponsors to date: Orion Health (http://www.orionhealth.com) and Crypto Workshop (http://www.cryptoworkshop.com). Crypto Workshop would also like to acknowledge the people who have bought Bouncy Castle support agreements as it is largely through those that funding has been possible. If you, or your organisation, is interested in supporting this effort, please contact us at: off...@bouncycastle.org If you have specific questions, also feel free to contact me off list. Regards, David
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
