signature=567ca7fd07fc75dbc322c9778923c914,The Legion of the Bouncy Castle

观天C

于 2021-05-30 03:21:24 发布

阅读量1k

点赞数

文章标签： signature=567ca7fd07fc75dbc322c9778923c914

Welcome

Welcome to the home page for the Bouncy Castle C# API!

Keeping the Bouncy Castle Project Going

With various algorithm changes, updates, security issues in protocols, and having to write vendor statements for organisations like CERT, keeping the Bouncy Castle project going is turning into a full time job and several of us have now given up permanent work in order to free up time to work on it. If you are making use of our software, and are interested in making sure we are always here when you need us, there are two principal ways you can help.

The first is by getting a support contract or by sponsoring specific work on the project. Not only will you get a hot-line to Bouncy Castle developers, consulting time, and release alerts if you need them, but, if you wish, we will also acknowledge your support publicly. You can find out further information on support contracts and consulting at Crypto Workshop (now part of KeyFactor).

Secondly, the Bouncy Castle APIs are now formally owned by a registered Australian Charity, the Legion of the Bouncy Castle Inc, ABN 84 166 338 567. Without considering the costs of actually doing what we do, we're also trying to raise money to allow us to get certifications such as FIPs for the APIs. We can accept donations via PayPal, Bitcoin, or direct transfer. If this sounds more like you, and you want to see this project continue to prosper, please visit our donations page to help. Thanks!

Current feature list:Generation and parsing of PKCS-12 files.

X.509: Generators and parsers for V1 and V3 certificates, V2 CRLs and attribute

certificates.

PBE algorithms supported by PbeUtilities: PBEwithMD2andDES-CBC,

PBEwithMD2andRC2-CBC, PBEwithMD5andDES-CBC, PBEwithMD5andRC2-CBC,

PBEwithSHA1andDES-CBC, PBEwithSHA1andRC2-CBC, PBEwithSHA-1and128bitRC4,

PBEwithSHA-1and40bitRC4, PBEwithSHA-1and3-keyDESEDE-CBC,

PBEwithSHA-1and2-keyDESEDE-CBC, PBEwithSHA-1and128bitRC2-CBC,

PBEwithSHA-1and40bitRC2-CBC, PBEwithHmacSHA-1, PBEwithHmacSHA-224,

PBEwithHmacSHA-256, PBEwithHmacRIPEMD128, PBEwithHmacRIPEMD160, and

PBEwithHmacRIPEMD256.

Signature algorithms supported by SignerUtilities: MD2withRSA, MD4withRSA,

MD5withRSA, RIPEMD128withRSA, RIPEMD160withECDSA, RIPEMD160withRSA,

RIPEMD256withRSA, SHA-1withRSA, SHA-224withRSA, SHA-256withRSAandMGF1,

SHA-384withRSAandMGF1, SHA-512withRSAandMGF1, SHA-1withDSA, and SHA-1withECDSA.

Symmetric key algorithms: AES, Blowfish, Camellia, CAST5, CAST6, ChaCha, DES, DESede,

GOST28147, HC-128, HC-256, IDEA, ISAAC, Noekeon, RC2, RC4, RC5-32, RC5-64, RC6, Rijndael,

Salsa20, SEED, Serpent, Skipjack, TEA/XTEA, Threefish, Tnepres, Twofish, VMPC and XSalsa20.

Symmetric key modes: CBC, CFB, CTS, GOFB, OFB, OpenPGPCFB, and SIC (or CTR).

Symmetric key paddings: ISO10126d2, ISO7816d4, PKCS-5/7, TBC, X.923, and Zero

Byte.

Asymmetric key algorithms: ElGamal, DSA, ECDSA, NaccacheStern and RSA (with blinding).

Asymmetric key paddings/encodings: ISO9796d1, OAEP, and PKCS-1.

AEAD block cipher modes: CCM, EAX, GCM and OCB.

Digests: GOST3411, Keccak, MD2, MD4, MD5, RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320,

SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3, Tiger, and Whirlpool.

XOFs: SHAKE.

Signer mechanisms: DSA, ECDSA, ECGOST3410, ECNR, GOST3410, ISO9796d2, PSS, RSA, X9.31-1998.

Key Agreement: Diffie-Hellman, EC-DH, EC-MQV, J-PAKE, SRP-6a.

Macs: CBCBlockCipher, CFBBlockCipher, CMAC, GMAC, GOST28147, HMac, ISO9797 Alg. 3, Poly1305, SipHash, SkeinMac, VMPCMAC.

PBE generators: PKCS-12, and PKCS-5 - schemes 1 and 2.

OpenPGP (RFC 4880)

Cryptographic Message Syntax (CMS, RFC 3852), including streaming API.

Online Certificate Status Protocol (OCSP, RFC 2560).

Time Stamp Protocol (TSP, RFC 3161).

TLS/DTLS client/server up to version 1.2, with support for the most common ciphersuites and extensions,

and many less common ones. Non-blocking API available.

Elliptic Curve Cryptography: support for generic F2m and Fp curves, high-performance custom implementations

for many standardized curves.

Reading/writing of PEM files, including RSA and DSA keys, with a variety of

encryptions.

PKIX certificate path validation

Releases

Software produced by this site is covered by the following license and was made possible with the help of the following contributors. If you are interested in sponsoring work on Bouncy Castle or getting commercial support for this or prior releases please contact us at Crypto Workshop.

Checksums:

sha256d70617fc1e51395efb89cc0f755a2d0bd3262930c06a3e4c8f3b3f3ad740da86

bccrypto-csharp-1.8.10-src.zip Source code, examples, tests, documentation.

Checksums:

sha2569919c4060fc3d1977a359dbc685352f223fe23b35572c097417214baf0a50eb7

Release Notes for 1.8.10

Defects Fixed

Fixed CMS signature verification for RSASSA-PSS when signed attributes are not present.

The output size for SHAKE128 (SHAKE256) when used as a fixed-length digest is now 256 (512) bits (also applies to cSHAKE).

Additional Notes

See the (cumulative) list of GitHub pull requests that we have accepted at

bcgit/bc-csharp.

Checksums:

sha256584284ba36a38c407dfdbfcdc79cb3f2cd51ab2259bf24d0dbb1d54c14a08c26

bccrypto-csharp-1.8.9-src.zip Source code, examples, tests, documentation.

Checksums:

sha256eea4a2efc62f9c106b112bc7accbc00351edaec269fc1fa8058c92445ecba380

Release Notes for 1.8.9

Defects Fixed

The TimeStampToken generator is now using PkcsObjectIdentifiers.IdAASigningCertificateV2 for the generating SigningCertificateV2.

Additional Features and Functionality

Added CSHAKE digest and KMAC.

Added support for PKCS#5 Scheme 2 to Pkcs12Store.

Improved performance for GCM.

Additional Notes

See the (cumulative) list of GitHub pull requests that we have accepted at

bcgit/bc-csharp.

Checksums:

sha2560c630a1a3fa3d5b919ff1067fa5c51ee7279236b2982af42f43d40afe0529c2b

bccrypto-csharp-1.8.8-src.zip Source code, examples, tests, documentation.

Checksums:

sha256f54c1a636417f5e36c81833b0c449eb77c4d1ae4bcfdeb8d797c48129967c503

Release Notes for 1.8.8

Additional Features and Functionality

Updated TimeStampTokenGenerator from bc-java.

Improved performance for constant-time modular inversion ("safegcd").

Improved performance for binary EC fields.

Additional Notes

See the (cumulative) list of GitHub pull requests that we have accepted at

bcgit/bc-csharp.

Checksums:

sha256275bd4fe2a5533e1fc58ec0c033545515cf864a2069a274fbd7a328082c426c1

bccrypto-csharp-1.8.7-src.zip Source code, examples, tests, documentation.

Checksums:

sha2568845c987de72d19f6790bcf690add859a8834e182bc263446349503b3b2eeba2

Release Notes for 1.8.7

Defects Fixed

ChaCha20Poly1305 could fail for large (>~2GB) files. This has been fixed.

EdDSA verifiers now reset correctly after rejecting overly long signatures.

DTLS: Fixed infinite loop on IO exceptions.

Additional Features and Functionality

DTLS: Retransmission timers now properly apply to flights monolithically.

DTLS: Added support for an overall handshake timeout.

Additional Notes

See the (cumulative) list of GitHub pull requests that we have accepted at

bcgit/bc-csharp.

Security Advisory

CVE-2020-15522: addition of blinding to address observable timing issue

with Deterministic ECDSA signatures.

Checksums:

sha256a33d98d12eabbc366e373d9676a4f8f7a252923c208c1a93ae6a4e0a06ce8dc7

bccrypto-csharp-1.8.6-src.zip Source code, examples, tests, documentation.

Checksums:

sha256c3c3d1275c7b30d0ad73b45262fdbff0288fc4ca298123a00105689ffdf71925

Release Notes for 1.8.6

Defects Fixed

EdDSA verifiers now reject overly long signatures.

Fixed field reduction for custom secp128r1 curve.

ASN.1: Enforce no leading zeroes in OID branches (longer than 1 character).

Additional Features and Functionality

TLS: BasicTlsPskIdentity now reusable (returns cloned array from GetPsk).

Improved performance for multiple ECDSA verifications using same public key.

Support has been added for ChaCha20-Poly1305 AEAD mode from RFC 7539.

PKCS12: Improved support for certificate-only key stores without password.

Checksums:

sha25628258da3b46fdd84b35a55c315938fa393e064db76834b881c7591321d20c091

bccrypto-csharp-1.8.5-src.zip Source code, examples, tests, documentation.

Checksums:

sha256493c06f78f575995769a8d3d14a1b21cf5f6f8192e06ba6a8be2a73cbe253d03

Release Notes for 1.8.5

IMPORTANT

This is the final feature release with support for legacy .NET platforms. From 1.9.0 we will be targeting more

modern .NET frameworks (see https://github.com/bcgit/bc-csharp/pull/68) and updating our build and packaging systems.

The 1.8.x series will continue to receive bug fixes, but limited new functionality.

Additional Features and Functionality

Supported added for encoding and decoding of GOST3410-2012 keys.

Basic support added for CMP (RFC 4210) and CRMF (RFC 4211), including the PKI archive control.

Checksums:

sha256b1df51f45b2e289bc8304d08d03e6e7ebfa479f3d9b7ab73abcbb95cac5abf78

bccrypto-csharp-1.8.4-src.zip Source code, examples, tests, documentation.

Checksums:

sha256ba438abe2fb895348865acfc065c750b876146c3138dec1f2b95539affab81a4

Release Notes for 1.8.4

Defects Fixed

Rfc3211WrapEngine would not properly handle messages longer than 127 bytes. This has been fixed.

Additional Features and Functionality

Restrictions on the output sizes of the Blake2b/s digests have been removed.

RFC 7748: Higher-level support for X25519 and X448 has been added.

RFC 8032: Higher-level support for Ed25519 and Ed448 has been added.

Implementation of the SM4 block cipher has been added.

Added support for Plain ECDSA (a.k.a CVC-ECDSA).

Additional Notes

See the (cumulative) list of GitHub pull requests that we have accepted at

bcgit/bc-csharp.

Release 1.8.3, 11th August 2018

Checksums:

sha256952ea63604683acfbf1b1b147203c06f5216cac50e026d4c3e8f5ae967bebaf1

bccrypto-csharp-1.8.3-src.zip Source code, examples, tests, documentation.

Checksums:

sha25622622bbe81840f9574b7b526d107263f7c573242023c7bd5a8c308135d2b5249

Release Notes for 1.8.3

IMPORTANT

In this release, the TLS library has moved to a whitelisting approach for client-side validation of server-presented

Diffie-Hellman (DH) parameters. In the default configuration, if a ciphersuite using ephemeral DH is selected by the

server, the client will abort the handshake if the proposed DH group is not one of those specified in RFC 3526 or RFC 7919,

or if the DH prime is < 2048 bits. The client therefore no longer offers DH ciphersuites by default.

Additional Features and Functionality

Further work has been done on improving SHA-3 performance.

EC key generation and signing now use cache-timing resistant table lookups.

RFC 7748: Added low-level implementations of X25519 and X448.

RFC 8032: Added low-level implementations of Ed25519 and Ed448.

Additional Notes

See the (cumulative) list of GitHub pull requests that we have accepted at

bcgit/bc-csharp.

Release 1.8.2, 9th April 2018

Checksums:

sha2567cb3195aba7fcb6f61d6439e083b2c8ee169ca4c6da3de8624b6b64ba8b205c

bccrypto-csharp-1.8.2-src.zip Source code, examples, tests, documentation.

Checksums:

sha2563d7d03eb5cc80c7816820a2266d54c841a3f3a573262eba116e4f2da8110f3b3

Release Notes for 1.8.2

Security Advisory

Carry propagation bugs in the implementation of squaring for several raw math classes have been fixed (Org.BouncyCastle.Math.Raw.Nat???).

These classes are used by our custom elliptic curve implementations (Org.BouncyCastle.Math.Ec.Custom.**), so there was the possibility

of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with

high probability by the output validation for our scalar multipliers. We consider these bugs to be exploitable for static ECDH with

long-term keys, per "Practical realisation and elimination of an ECC-related software bug attack",

Brumley et.al.

IMPORTANT

This release brings our Poly1305 implementation into line with RFC 7539, which breaks backward compatibility. The essential

difference from 1.8.1 is that the two halves of the 32-byte Poly1305 key have swapped places. If you have persisted Poly1305

keys, or are interoperating with other Poly1305 implementations, you may need to account for this change when migrating to 1.8.2.

Defects Fixed

DTLS now supports records containing multiple handshake messages.

Additional Features and Functionality

TLS: support for ClientHello Padding Extension (RFC 7685).

TLS: support for ECDH_anon key exchange.

BCrypt implementation added.

BLAKE2b and BLAKE2s implementations added.

GOST R 34.11-2012 implementation added.

DSTU-7564 message digest implementation added.

SM2 signatures, key exchange, and public key encryption implementations added.

Additional Notes

See the (cumulative) list of GitHub pull requests that we have accepted at

bcgit/bc-csharp.

Release 1.8.1, 28th December 2015

Checksums:

sha2567d5f2e7eaae3e3f11ef3ddae4b0d7d5a838642609b2774ad51458bc9ad241d60

bccrypto-csharp-1.8.1-src.zip Source code, examples, tests, documentation.

Checksums:

sha256ca31e8d341e87854c18ebeffbeac53b942f226b9d3fe4a6ef3841588008a2684

Release Notes for 1.8.1

SECURITY ADVISORY

(D)TLS 1.2: Motivated by CVE-2015-7575, we have added validation that

the signature algorithm received in DigitallySigned structures is actually one of those offered (in signature_algorithms extension

or CertificateRequest). With our default TLS configuration, we do not believe there is an exploitable vulnerability in any earlier

releases. Users that are customizing the signature_algorithms extension, or running a server supporting client authentication, are

advised to double-check that they are not offering any signature algorithms involving MD5.

IMPORTANT

The Serpent cipher as of 1.8.0 is incompatible with the behaviour of Serpent in earlier releases; it has been modified to conform to the standard byte-order interpretation for blocks (and keys) as described in the NESSIE test-vectors. In keeping with common practice the previous behaviour is available from 1.8.0 as the "Tnepres" cipher. See BMA-52

for more information if this may affect you.

Additional Features and Functionality

Added support for ASN.1 GraphicString and VideotexString types.

Problems with DTLS record-layer version handling were resolved via BJA-584,

making version negotiation work properly.

Additional Notes

See list of resolved issues at

Bouncy Castle JIRA C# 1.8.1.

See the (cumulative) list of GitHub pull requests that we have accepted at

bcgit/bc-csharp.

Porting notes from the old ASN.1 library (pre 1.7) For the most part code using the old subset of ASN.1 classes should be easy to transfer, providing the following changes are made:

DERObject becomes ASN1Object

DEREncodable becomes ASN1Encodable

getDERObject() becomes toASN1Object()

BERConstructedOctetString becomes BEROctetString

If you were using the older mutable DERConstructedSequence/Set and BERConstructedSequence, use an ASN1EncodableVector in conjunction with DERSequence/Set and BERSequence

BERInputStream and DERInputStream are replaced with ASN1InputStream

AsymmetricKeyParameter is now in the org.bouncycastle.crypto namespace

GIT Access

Just want to look at the source? The source code repository is now mirrored on GitHub and accessible from here. The repository can be cloned using either

https:git clone https://github.com/bcgit/bc-csharp.git

or git protocol

git clone git://github.com/bcgit/bc-csharp.git

CVS Access Note: this is now deprecated

Instructions for anonymous CVS access:CVSROOT=:pserver:anonymous@cvs.bouncycastle.org:/home/users/bouncy/cvsroot

And then

cvs co bc-csharp

Using your favorite CVS client.

Keep in touch!

For those who are interested, there are two mailing lists for participation in this project. To subscribe use the links below. (To unsubscribe, replace subscribe with unsubscribe in the message body)

announce-crypto-csharp-request@bouncycastle.org with subscribe in the message body. This mailing list is for new release announcements only, general subscribers cannot post to it.

dev-crypto-csharp-request@bouncycastle.org with subscribe in the message body. This mailing list is for discussion of development of the package. This includes bugs, comments, requests for enhancements, questions about use or operation.

NOTE:You need to be subscribed to send mail to the above mailing list.

A searchable archive of the dev mailing list is accessible off the mailing lists page.

If you want to provide feedback, offers of jobs (or more importantly beer) directly to the members of The Legion then please use feedback-crypto@bouncycastle.org

Prior Releases

Release 1.8, 22nd November 2015

Checksums:

sha256dba379e6ae47db4dd864bbfad6c8633aaf6f7db80ded13fd4a71d3a260ad576c

bccrypto-csharp-1.8.0-src.zip Source code, examples, tests, documentation.

Checksums:

sha256c7ce25daa22954bd09ea6cfdaa69b09e67f0bec658368510c6f9f68adaa6ac95

Release Notes for 1.8.0

IMPORTANT

for more information if this may affect you.

Additional Features and Functionality

IV only re-initialisation is supported by using null as the key parameter when creating a ParametersWithIV object.

CMS Enveloped and AuthenticatedData now support OriginatorInfo.

Support for ECDSA_fixed_ECDH authentication has been added to the TLS client.

Support for the Features signature sub-packet has been added to the PGP API.

Classes involved in CRL manipulation have been rewritten to reduce memory requirements for handling and parsing extremely large CRLs.

An implementation of Password Authenticated Key Exchange by Juggling (J-PAKE) has been added.

Support has been added for SHA-512/224, SHA-512/256, as well as a general SHA-512/t in the lightweight API.

The TSP API now supports generation of certIDs based on digests other than SHA-1.

OCSP responses can now be included in CMS SignedData objects.

The SipHash MAC algorithm has been added.

DRBGs from NIST SP 800-90A (DualEC excluded) have been added to the Crypto.Prng namespace together with SecureRandom builders.

Support has been added for OCB mode.

DSA version 2 parameter and key generation is now supported.

A new interface IMemoable has been added for objects that can copy in and out their state. The digest classes now support this.

A special class NonMemoableDigest has been added which hides the IMemoable interface where it should not be available.

TDEA is now recognised as an alias for DESede.

Support has been added for NIST SP 800-38D - GMAC to AES and other 128 bit block size algorithms.

The TLS API now supports TLS/DTLS 1.2 for both client and server

Full support is now provided for client-side auth in the D/TLS server code.

TLS: server-side support for DHE key exchange.

TLS: server-side support for PSK and SRP ciphersuites.

TLS: (EC)DSA now supports signatures with non-SHA1 digests.

TLS: support for ECDHE_ECDSA/AES/CCM ciphersuites from RFC 7251.

The TLS/DTLS code now includes a non-blocking API.

RFC 6637 ECDSA and ECDH support has been added to the OpenPGP API.

Implementations of Threefish and Skein have been added.

Implementation of the SM3 digest has been added.

Implementations of XSalsa20 and ChaCha have been added. Support for reduced round Salas20 has been added.

Support has been added for RFC 6979 Deterministic DSA/ECDSA.

Support for the Poly1305 MAC has been added.

GCM and GMAC now support tag lengths down to 32 bits.

Custom implementations for many of the NIST and SEC elliptic curves have been added, resulting in drastically improved performance. They

can be accessed via the Crypto.EC.CustomNamedCurves class and are generally selected by other internal APIs in place of the generic implementations.

Automatic EC point validation added, both for decoded inputs and multiplier outputs.

Support has been added for X9.31-1998 DRBG.

Support has been added for the SHA3 family of digests, including SHAKE128 and SHAKE256.

An implementation of the draft standard has been added as 'Keccak'.

The ASN.1 parser for ECGOST private keys will now parse keys encoded with a private value represented as an ASN.1 INTEGER.

SubjectPublicKeyInfoFactory now supports DSA parameters.

Improved performance of BigInteger.ModPow and random prime generation.

SecureRandom instances now seeded by RNGCryptoServiceProvider (where available).

An initial port of the Java "operators" mechanism has been introduced to support overriding of cryptographic primitives

in high-level APIs e.g. for signing using an external provider.

Additional Notes

See list of resolved issues at

Bouncy Castle JIRA C# 1.8.0

See the (cumulative) list of GitHub pull requests that we have accepted at

bcgit/bc-csharp

Release 1.7, 7th April 2011

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, TLS, X.509, PKCS#12, TSP, and Certificate Path validation.

Checksums:

md55d00db78caa759486c8ea4bbc23d7fc9

sha11b3d9deda07042c23fe6728e67d6ed25365d5dcf

bccrypto-net-1.7-src.zip Source code, examples, tests, documentation.

Checksums:

md5a4b116ac9fc50e9d495968514e15f5eb

sha141ec96c9e96d7c980bd7198347365323a639de6e

bccrypto-net-1.7-bin-ext.zip Compiled assembly only - includes the IDEA encryption algorithm.

Checksums:

md5e20b0d66296928f14f0b1cb2d86d980c

sha1e2bf8ff62556023fb91c02bf8b8ab5372f1137f8

bccrypto-net-1.7-src-ext.zip Source code, examples, tests, documentation - includes the IDEA encryption algorithm.

Checksums:

md53eb583a9b728d6f834edbf72800d2e47

sha1b6df90124dd35d1375eb70fd3eca7f8b15e5028b

Release Notes for 1.7

Additional Features and Functionality

TLS now supports client authentication.

TLS now supports compression.

TLS now supports ECC cipher suites (RFC 4492).

Library can now be built for Silverlight (2.0 and above).

ASN.1 classes for CRMF (RFC 4211) and CMP (RFC 4210) have been added.

Further performance improvements to GCM mode.

BufferedBlockCipher will now always reset after a DoFinal().

An IV can now be passed to an Iso9797Alg3Mac

Additional Notes

See list of resolved issues at

Bouncy Castle JIRA C# 1.7

Release 1.6.1, 8th February 2009

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, TLS, X.509, PKCS#12, TSP, and Certificate Path validation.

bccrypto-net-1.6.1-bin.zip Compiled assembly only.

Checksums:

md5 6c61e739b048c76dbed38562742141f7

sha1 5a87f6bf74224073148052abf0dc5142e719a3de

bccrypto-net-1.6.1-src.zip Source code, examples, tests, documentation.

Checksums:

md5 ecd332c1747d84296a09e8e379732b40

sha1 517d730a35700b129bed53cdc68879b11b727fa5

bccrypto-net-1.6.1-bin-ext.zip Compiled assembly only - includes the IDEA encryption algorithm.

Checksums:

md5 2c1c3b443bb90df8ce509ca53d615b3a

sha1 fa3e2869bb0f5bccb1a5fc99fee1abd87da6519c

bccrypto-net-1.6.1-src-ext.zip Source code, examples, tests, documentation - includes the IDEA encryption algorithm.

Checksums:

md5 0b94ba85b458e0517bfa322108e5251f

sha1 fe2868feff8e5d12310040db9756fbee6a18f4c8

Release Notes for 1.6.1

Defects Fixed

X509DefaultEntryConverter was not recognising telephone number as a PrintableString field. This has been fixed.

OpenPGP now supports UTF-8 in file names for literal data.

Problems with the released assembly of the 1.6 version have been rectified.

Security Advisory

This version has been specifically reviewed to eliminate possible timing attacks on algorithms such as GCM and CCM mode.

Additional Features and Functionality

Support for PSS signatures has been added to CMS.

SubjectKeyIdentifier now supports both methods specified in RFC 3280, section 4.2.1.2 for generating the identifier.

Performance of GCM mode has been greatly improved (on average 10x).

Support for mac lengths of 96, 104, 112, and 120 bits has been added to existing support for 128 bits in GCMBlockCipher.

Support for raw signatures has been extended to RSA, RSA-PSS and ECDSA. RSA support can be used in CmsSignedDataStreamGenerator to support signatures without signed attributes.

Support for EC MQV has been added to the light weight API and the CMS library.

Additional Notes

See list of resolved issues at

Bouncy Castle JIRA C# 1.6

Release 1.5, 18th August 2009

Release includes the full lightweight API, as well as APIs for OpenPGP, CMS, TLS, X.509, PKCS#12, TSP, and Certificate Path validation.

bccrypto-net-1.5-bin.zip Compiled assembly only.

checksums: md5 d886ecff8ffbb82b8b22dd474e617bf3

sha1 0b96049df50d5e99292a4b9f599d61fc2f852482

bccrypto-net-1.5-bin-ext.zip Compiled assembly only - includes the IDEA encryption algorithm.

checksums: md5 aa2e0852fd17e8011649cadc14f7ff03

sha1 e70a86dc25d5ff8acdd3cd0c8e868bcdf8d7ac8c

bccrypto-net-1.5-src.zip Source code, examples, tests, documentation.

checksums: md5 ab43eeeec7dd967db3edb95988838677

sha1 2ed08c563b57a7d8ca877a2d3b6f63375d77a724

Release Notes

Defects Fixed

Correct the ASN.1 class for AuthorityInformationAccess.

In the Bcpg libs, armored output now inserts the correct version string.

EssCertIDv2 encoding now complies with RFC 5035.

ECDSA now computes correct signatures for oversized hashes when the order of the base point is not a multiple of 8 in compliance with X9.62-2005.

Standard name "DiffieHellman" is now supported in factory classes.

Better support for equality tests for '#' encoded entries has been added to X509Name.

'=' inside a X509Name was not being properly escaped. This has been fixed.

ApplicationSpecific ASN.1 tags are now recognised in BER data. The GetObject() method now handles processing of arbitrary tags.

Multiplication by negative powers of two is fixed in BigInteger.

Multiple countersignature attributes are now correctly collected.

Two bugs in HC-128 and HC-256 related to sign extension and byte swapping have been fixed. The implementations now pass the latest ecrypt vector tests.

Security Advisory

The effect of the sign extension bug was to decrease the key space the HC-128 and HC-256 ciphers were operating in and the byte swapping inverted every 32 bits of the generated stream. If you are using either HC-128 or HC-256 you must upgrade to this release.

Additional Features and Functionality

PKIX certificate path validation.

Accept duplicate PKCS#9 FriendlyName attributes in PKCS#12 keystore.

Add support for PKCS#5 Scheme 2 keys.

Camellia performance improved.

A smaller version of Camellia, CamelliaLightEngine has also been added.

CmsSignedData generation now supports SubjectKeyIdentifier as well as use of issuer/serial.

A CMS PBE key holder for UTF8 keys has been added to the CMS API.

Salt and iteration count can now be recovered from PasswordRecipientInformation.

Support for reading and extracting personalised certificates in PGP Secret Key rings has been added.

Support for EAC algorithms has been added to CMS.

Asn1Dump now supports a verbose mode for displaying the contents of octet and bit strings.