2024-07-31
Engineers and product owners in search of FIPS-certified cryptographic libraries or those already immersed in the Bouncy Castle Crypto API, we come bearing promising news. After thirty (30) months, the Bouncy Castle Java APIs have achieved the coveted FIPS 140-3 certification. In this journey, we find ourselves amongst the early cryptographic modules to secure this certification. This pivotal achievement heralds a significant transition for our valued Bouncy Castle users, offering a smooth passage from FIPS 140-2 to the upgraded security of FIPS 140-3.
FIPS (Federal Information Processing Standard) 140-3 is the latest benchmark for assessing the effectiveness of cryptographic modules and hardware. A FIPS 140-3 certificate indicates rigorous testing and formal validation by the U.S. and Canadian Governments. This revised standard took effect on September 22, 2019, ushering in a meticulous validation process beginning in September 2020. It addresses various vulnerabilities and threats, providing a comprehensive framework from initial design to operational deployment.
Worth noting is that as of April 1, 2021, the Cryptographic Module Validation Program (CMVP) ceased to accept new FIPS 140-2 submissions for validation certificates. While FIPS 140-2 modules retain their functionality until September 21, 2026, they are destined to find their place on the Historical List. Customers can procure from the Historical List and exclusively employ FIPS 140-2 modules for their existing applications in a spirit of continuity.
For Bouncy Castle users, the shift from FIPS 140-2 or our standard Bouncy Castle versions to FIPS 140-3 extends a hand of change. There are four things to be aware of during the update process:
With Keyfactor support services, you can get early access to the Bouncy Castle FIPS-certified APIs, including pre-certified FIPS modules. Read more about our support services here.
In sum, the Bouncy Castle Crypto API, now bestowed with FIPS 140-3 certification, broadens the horizons of secure cryptographic functionalities. Whether you are a longstanding user embarking on this transformation or a newcomer eager to explore the potential of the Bouncy Castle API, these developments extend an opportunity for fortified cryptographic assurance.
For an in-depth understanding of FIPS certifications, we encourage you to delve into the details available at NIST, where you can make informed decisions aligned with your cryptographic aspirations.
Scroll down on this page to read the Release note