Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Support for FIPS compliant Bouncy Castle
March 18, 2020
7:03, EEST
Avatar
Joel Mariadasan
Bangalore
Member
Members
Forum Posts: 3
Member Since:
March 18, 2020
sp_UserOfflineSmall Offline

Bouncy Castle has released FIPS complaint jars
Refer the below link:
https://www.bouncycastle.org/fips-java/

We see that the Java SDK (OPC UA Java client) still depends on the non FIPS complaint bouncy castle libraries.

We would like to know if there is a roadmap to remove non FIPS bouncy castle libraries and support new FIPS compliant bouncy castle libraries and know the timelines for it.

March 18, 2020
13:49, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 837
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

Thank you for a good question and bringing out this requirement.

We had not been aware of the FIPS version of Bouncy Castle so far, so we will have to take a closer look at them. The first impression is that we should be able to support them with rather small modifications.

We won’t be able to remove support for the non-FIPS version, but since we have a flexible CryptoProvider model, we can add support for the FIPS as an alternative that you can choose from. At best it would work automatically depending on which libraries are available on the class path. Similar that we are supporting Spongy Castle for Android at the moment.

How soon would you need this?

March 19, 2020
8:03, EEST
Avatar
Joel Mariadasan
Bangalore
Member
Members
Forum Posts: 3
Member Since:
March 18, 2020
sp_UserOfflineSmall Offline

Thanks for the quick reply Jouni. Basically FIPS bouncy castle introduces a new provider and there are some changes in the packaging structure.

The solution proposed by you would help us. We would need to keep only FIPS bouncy castle libraries in the class path and avoid bundling non FIPS bouncy castle libraries.

We are already in the process of removing non FIPS bouncy castle library dependencies in our project. We are unable to do it completely as OPC UA client still needs non FIPS bouncy castle libraries.

It would be helpful if you can make the changes at the earliest. Please provide an estimated date when we can expect the changes.

March 19, 2020
15:13, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 837
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

We are working on 4.3.0 release at the moment. When that is done, we can try to integrate this one in. I will let you know when we get something to try out. Hopefully in the coming weeks.

March 23, 2020
18:20, EEST
Avatar
Joel Mariadasan
Bangalore
Member
Members
Forum Posts: 3
Member Since:
March 18, 2020
sp_UserOfflineSmall Offline

Thanks for the update !!!

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 267

Currently Online:
9 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 93

pramanj: 86

ibrahim: 69

kapsl: 57

gjevremovic: 49

TimK: 41

Fransua33: 39

fred: 36

Rainer Versteeg: 32

Thomas Reuther: 26

Member Stats:

Guest Posters: 0

Members: 990

Moderators: 13

Admins: 1

Forum Stats:

Groups: 3

Forums: 14

Topics: 945

Posts: 3987

Newest Members:

jerrodharness1, chandrahollis, kandimilano0008, deonbracewell, swati kulha, muoipoupinel64, lannybroadway, 12315544121666, Joel Mariadasan, alfonsobarringto

Moderators: Jouni Aro: 837, Otso Palonen: 32, Tuomas Hiltunen: 5, janimakela: 0, Pyry: 1, Terho: 0, Petri: 0, Bjarne Boström: 491, Heikki Tahvanainen: 402, Jukka Asikainen: 1, Teppo Uimonen: 18, Markus Johansson: 11, Matti Siponen: 8

Administrators: admin: 0