Fips and non-fips bc jars co-existence #714
Comments
When you say FIPS support, do you mean you actually need the product to be FIPS compliant?
That's right. We want our product to be FIPS compliant. We were using another provider, and this provider has reached end of life, so we want to move to Bouncy Castle for FIPS compliance.
Okay, so where people need to use classes from the non-FIPS BC API together with the FIPS one the trick is to use the "org.spongycastle" approach. There's one catch though, the application can't be FIPS compliant if it uses any of the cryptographic classes from the old BC API. Given some of the classes you have mentioned, you need to be making sure only the classes from the BC FIPS API are used and also those are used in accordance with the module's security policy.
Thanks for the quick reply and I have a few follow-ups on it,
org.spongycastle is just a package name - its first use was with the Android port, but the same idea can be applied to get two versions of BC running side by side in any environment. https://downloads.bouncycastle.org/fips-java/BC-FJA-SecurityPolicy-1.0.2.pdf
Closed, assumed dealt with as no further feedback.
What's the "org.spongycastle" approach? I'm in a situation where both bc-fips and bc jars are in the classpath, but none of the bc providers (fips or non-fips) can be loaded. Is there a way to make it work? Thanks.
Recompile the API as org.spongycastle and give the provider the name "SC" rather than "BC".
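An added example, not code from this thread or from the Bouncy Castle project: a classpath audit that lists class names defined by more than one jar, and shows that a jar relocated to org.spongycastle no longer overlaps. The function names are hypothetical, the jar contents are constructed samples, and it assumes the conflict shows up as identical fully qualified class names in two jars.

```python
"""Audit jars for class names that more than one jar defines."""
import io
import sys
import zipfile
from collections import defaultdict


def classes_in(jar, prefix):
    """Return the .class entries under `prefix` in a jar (path or file object)."""
    with zipfile.ZipFile(jar) as zf:
        return {n for n in zf.namelist()
                if n.startswith(prefix) and n.endswith(".class")}


def collisions(jars, prefix="org/bouncycastle/"):
    """Map each class name found in two or more jars to the jars defining it."""
    owners = defaultdict(list)
    for label, jar in jars.items():
        for name in classes_in(jar, prefix):
            owners[name].append(label)
    return {n: sorted(o) for n, o in owners.items() if len(o) > 1}


def make_jar(entries):
    """Build an in-memory jar of empty entries (constructed sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in entries:
            zf.writestr(entry, b"")
    return buf


# Constructed entry lists for illustration; not the real contents of any jar.
SAMPLE_FIPS = ["org/bouncycastle/util/Arrays.class",
               "org/bouncycastle/jcajce/provider/BouncyCastleFipsProvider.class"]
SAMPLE_BCPROV = ["org/bouncycastle/util/Arrays.class",
                 "org/bouncycastle/crypto/digests/SHA256Digest.class"]
SAMPLE_RELOCATED = [e.replace("org/bouncycastle/", "org/spongycastle/")
                    for e in SAMPLE_BCPROV]

if __name__ == "__main__":
    # Pass real jar paths as arguments, or run with none to use the samples.
    jars = {p: p for p in sys.argv[1:]} or {
        "bc-fips": make_jar(SAMPLE_FIPS), "bcprov": make_jar(SAMPLE_BCPROV)}
    for name, owners in sorted(collisions(jars).items()):
        print(f"{name}: {', '.join(owners)}")
```

An empty result only shows that the names no longer overlap; it does not show that the application avoids the non-FIPS cryptographic classes.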
Hi Team,
My product is a legacy product and has many dependencies on many external jars, and I see that a few external jars internally refer to BlockCipher, SHA256Digest, etc. from bcprov-jdk-15on / bcprov-jdk16.
Now our product wants to support FIPS from Bouncy Castle (bc-fips-1.0.1).
According to your official document, which stated:
"The bcfips provider jar itself has no external dependencies, but it cannot be used in the same JVM as the regular Bouncy Castle provider. The classes in the two jar files do not get along."
So how can I use bc-fips along with the regular provider, and what are all the alternatives that you can suggest?
Since I must have bcprov-jdk as well.
Thanks and Regards,