CLEVELAND, July 31, 2024 -- Keyfactor, the identity-first security solution for modern enterprises, today announced that the Bouncy Castle Java APIs for Java 8, 11, 17, and 21, one of the most widely used open-source cryptographic APIs, has received Federal Information Processing Standards (FIPS) 140-3 certification from the U.S. National Institute of Standards and Technology (NIST). As a sponsor of the Legion of the Bouncy Castle, the charitable organization behind Bouncy Castle, Keyfactor enables continued development and FIPS certification for the popular APIs.

FIPS 140-3 is the latest standard for validating the effectiveness of cryptographic hardware and software from the NIST and will provide the foundation for the next round of cryptographic standards, particularly those dealing with post-quantum cryptography. As both government and industry place a growing emphasis on the need for quantum readiness, recognition of the Bouncy Castle module achieving FIPS 140-3 certification positions it to move quickly to post-quantum encryption algorithms as new standards become available. This better allows Bouncy Castle to support its users through the coming changes that the move to quantum readiness will require.

The Bouncy Castle APIs allow organizations to implement and maintain robust security into their applications, including encryption, authentication, and the use of digital signatures. Keyfactor offers customers expert support services for Bouncy Castle, delivered directly from its creators and developers. Customers are also provided with early access to the latest releases and pre-certified FIPS modules, access to the full FIPS test suite, and the ability to do private label validations for situations where they need a certificate in their own name.

With this certification, all applications developed by organizations leveraging Bouncy Castle APIs will be using a module tested and formally validated by the U.S. government for FIPS 140-3. Keyfactor’s Bouncy Castle support customers who have been developing or updating their applications under the early access program while the module was still in submission can release them onto the market immediately, rather than having to begin the testing and development process now a general access release of the FIPS module is available.

An additional advantage of the FIPS 140-3 certification is that the five-year sunset period for FIPS 140-2 certificates comes to an end in 2024, meaning organizations that have been able move to Bouncy Castle’s FIPS 140-3 module will be able to continue delivering new products to their customers that require FIPS, such as the U.S. government.