1. Home
  2. /
  3. Download
  4. /
  5. Download Bouncy Castle Java

Download Bouncy Castle for Java

Welcome to the download page for the general edition of Bouncy Castle Java. In addition to the available access options, including GitHub, Maven Central, and direct download, you will find searchable release notes and links to API and other documentation.

 

Bouncy Castle Java
hero-sub-2

GitHub

Access the Bouncy Castle APIs Java package on GitHub, where you can also report issues, join discussions, and contribute to the software.

Documentation 

Explore the Bouncy Castle for Java documentation online for concise guidance and examples.

Join the discussion

You can ask questions and learn from specialists in the Bouncy Castle Java forum on GitHub Discussions. We highly appreciate and value your input.

Report an issue

If you encounter any issues that require attention, feel free to report them in our GitHub repository. 

Release notes

Find out detailed information about the latest release and search in older release notes.

Beta releases

The current working betas, when available, for the next release for JDK 1.8 and later can be found here. If you need a beta to be made available for another version of Java please ask by emailing: [email protected].

Donate to support the Bouncy Castle APIs

Supporting Bouncy Castle is now a substantial effort, the Java API is now over 300,000 lines, the C# one well past 140,000.

Bouncy Castle Java Downloads

The latest Bouncy Castle Java release is 1.79.

Except where otherwise stated, this software is distributed under the regular Bouncy Castle license. For full details of other licenses involved, see Third party licenses

Distribution Files (JAR and ZIP format)

Compiled classes, sources and JavaDoc for Java 1.1.

Checksums

To confirm the integrity of the distributions, checksums are available:

Download Checksums

Maven Central Signing Key

If you are trying to confirm the signatures for artifacts from Maven Central, you can use the public key linked below.

Download bc_maven_public_key.asc

Release notes

Find out detailed information about the latest Bouncy Castle Java releases and search in older release notes.  

Release 1.79
30 October, 2024
Defects Fixed Leading zeroes were sometimes dropped from Ed25519 signatures leading to verification errors in the PGP API. This has been fixed. Default ver...

Defects Fixed

  • Leading zeroes were sometimes dropped from Ed25519 signatures leading to verification errors in the PGP API. This has been fixed.
  • Default version string for Armored Output is now set correctly in 18on build.
  • The Elephant cipher would fail on large messages. This has been fixed.
  • CMSSignedData.replaceSigners() would re-encode the digest algorithms block, occasionally dropping ones where NULL had been previously added as an algorithm parameter. The method now attempts to only use the original digest algorithm identifiers.
  • ERSInputStreamData would fail to generate the correct hash if called a second time with a different hash algorithm. This has been fixed.
  • A downcast in the CrlCache which would cause FTP-based CRLs to fail to load has been removed.
  • ECUtil.getNamedCurveOid() now trims curve names of excess space before lookup.
  • The PhotonBeetle and Xoodyak digests did not reset properly after a doFinal() call. This has been fixed.
  • Malformed AlgorithmIdentifiers in CertIDs could cause caching issues in the OCSP cache. This has been fixed.
  • With Java 21 a provider service class will now be returned with a null class name where previously a null would have been returned for a service. This can cause a NullPointerException to be thrown by the BC provider if a non-existent service is requested. This issue has now been worked around.
  • CMS: OtherKeyAttribute.keyAttr is now treated as optional.
  • CMS: EnvelopedData and AuthEnvelopedData could calculate the wrong versions. This has been fixed.
  • The default version header for PGP armored output did not carry the correct version string. This has been fixed.
  • In some situations, the algorithm lookup for creating PGPDigestCalculators would fail due to truncation of the algorithm name. This has been fixed.

Additional Features and Functionality

  • Object Identifiers have been added for ML-KEM, ML-DSA, and SLH-DSA.
  • The PQC algorithms, ML-KEM, ML-DSA (including pre-hash), and SLH-DSA (including pre-hash) have been added to the BC provider and the lightweight API.
  • A new spec, ContextParameterSpec, has been added to support signature contexts for ML-DSA and SLH-DSA.
  • BCJSSE: Added support for security property "jdk.tls.server.defaultDHEParameters" (disabled in FIPS mode).
  • BCJSSE: Added support for signature_algorithms_cert configuration via "org.bouncycastle.jsse.client.SignatureSchemesCert" and "org.bouncycastle.jsse.server.SignatureSchemesCert" system properties or BCSSLParameters property "SignatureSchemesCert".
  • BCJSSE: Added support for boolean system property "org.bouncycastle.jsse.fips.allowGCMCiphersIn12" (false by default).
  • (D)TLS: Remove redundant verification of self-generated RSA signatures.
  • CompositePrivateKeys now support the latest revision of the composite signature draft.
  • Delta Certificates now support the latest revision of the delta certificate extension draft.
  • A general KeyIdentifier class, encapsulating both PGP KeyID and the PGP key fingerprint has been added to the PGP API.
  • Support for the LibrePGP PreferredEncryptionModes signature subpacket has been added to the PGP API.
  • Support for Version 6 signatures, including salts, has been added to the PGP API.
  • Support for the PreferredKeyServer signature subpacket has been added to the PGP API.
  • Support for RFC 9269, "Using KEMs in Cryptographic Message Syntax (CMS)", has been added to the CMS API.
  • Support for the Argon2 S2K has been added to the PGP API.
  • The system property "org.bouncycastle.pemreader.lax" has been introduced for situations where the BC PEM parsing is now too strict.
  • The system property "org.bouncycastle.ec.disable_f2m" has been introduced to allow F2m EC support to be disabled.