I've mentioned Bouncy Castle a few times in this blog over the past year.
The easiest major version upgrade yet I've ever had to execute was upgrading from BC-FIPS 1.X to 2.X. New in Bouncy Castle 2.0 is certification under FIPS 140-3 instead of FIPS 140-2 (all new certifications follow NIST 140-3 requirements). It also includes support for Java 21 as well as Java 17 and prior releases. You can find the NIST Certificate details here: 4743
Really, all I needed to do was update my pom.xml files. Smoothest major upgrade ever.
Well, technically, I did have to do a couple of other things.
1. Download bc-fips-2.0.0.jar into my project so that I could use it in local calls to Java's KeyTool (I have to convert a jks store to bcfks format in my build process.
2. Add the jar files to my Docker Image. BC-FIPS (at in 1.x versions) cannot be rolled up into an Uber-Jar for Spring Boot given changes in the way that jar url handling happens. This is because the module validation code in BC-FIPS has to be able to access the class data in the JAR file.
These are the file versions you need to change.
Old New
bc-fips-1.0.2.X.jar bc-fips-2.0.0.jar
bcpkix-fips-1.0.7.jar bcpkix-fips-2.0.7.jar
bctls-fips-1.0.19.jar bctls-fips-2.0.19.jar
Keith
No comments:
Post a Comment