New certification enables supported Keyfactor customers to bring new and updated applications to market faster as post-quantum algorithms draw near

Keyfactor, the identity-first security solution for modern enterprises, today announced that the Bouncy Castle Java APIs for Java 8, 11, 17, and 21, one of the most widely used open-source cryptographic APIs, has received Federal Information Processing Standards (FIPS) 140-3 certification from the U.S. National Institute of Standards and Technology (NIST). As a sponsor of the Legion of the Bouncy Castle, the charitable organization behind Bouncy Castle, Keyfactor enables continued development and FIPS certification for the popular APIs.

FIPS 140-3 is the latest standard for validating the effectiveness of cryptographic hardware and software from the NIST and will provide the foundation for the next round of cryptographic standards, particularly those dealing with post-quantum cryptography. As both government and industry place a growing emphasis on the need for quantum readiness, recognition of the Bouncy Castle module achieving FIPS 140-3 certification positions it to move quickly to post-quantum encryption algorithms as new standards become available. This better allows Bouncy Castle to support its users through the coming changes that the move to quantum readiness will require.

The Bouncy Castle APIs allow organizations to implement and maintain robust security into their applications, including encryption, authentication, and the use of digital signatures. Keyfactor offers customers expert support services for Bouncy Castle, delivered directly from its creators and developers. Customers are also provided with early access to the latest releases and pre-certified FIPS modules, access to the full FIPS test suite, and the ability to do private label validations for situations where they need a certificate in their own name.

“Bouncy Castle has been key to our FIPS and FedRAMP strategy for hundreds of micro-services,” said Max Bern, Software Architect, Atlassian. “Having direct access to early certified modules and support has allowed us to rapidly rollout FIPS and prepare all required changes including performance testing and battle testing the modules prior to certification."

With this certification, all applications developed by organizations leveraging Bouncy Castle APIs will be using a module tested and formally validated by the U.S. government for FIPS 140-3. Keyfactor’s Bouncy Castle support customers who have been developing or updating their applications under the early access program while the module was still in submission can release them onto the market immediately, rather than having to begin the testing and development process now a general access release of the FIPS module is available.

An additional advantage of the FIPS 140-3 certification is that the five-year sunset period for FIPS 140-2 certificates comes to an end in 2024, meaning organizations that have been able move to Bouncy Castle’s FIPS 140-3 module will be able to continue delivering new products to their customers that require FIPS, such as the U.S. government.

“FIPS certification represents one of the pinnacles for implementation quality assurance in cyber security,” said David Hook, co-founder and lead developer for the Legion of the Bouncy Castle cryptography project and Head of Cryptography Software Engineering, Crypto Workshop by Keyfactor. “Thanks to the efforts of our lab, Acumen Security, and the support from Keyfactor, we are delighted to have finally been certified to the FIPS 140-3 standard.”

To learn more about Keyfactor’s support options for Bouncy Castle APIs, visit https://www.keyfactor.com/open-source/bouncy-castle-support/.

About Keyfactor Keyfactor brings digital trust to the hyper-connected world with identity-first security for every machine and human. By simplifying PKI, automating certificate lifecycle management, and securing every device, workload, and thing, Keyfactor helps organizations move fast to establish digital trust at scale — and then maintain it. In a zero-trust world, every machine needs an identity and every identity must be managed. For more, visit keyfactor.com or follow @keyfactor.

PR: Katie Leonowitz fama PR for Keyfactor keyfactor@famapr.com