Initially published on April 4, 2023
Announcement
The Dell BSAFE Product Team announces the release and general availability of
Dell BSAFE Crypto-J 6.3. This release embeds the Dell BSAFE Java Crypto Module 6.3 as its underlying FIPS provider, submitted for FIPS 140-2 validation.
BSAFE Crypto-J 6.3 is also supported with BSAFE SSL-J 7.1 and 6.5.
New Features
This release is designed to include the following new features:
- Enabled FIPS 140-2 compliance with NIST Special Publication 800-56A Revision 3.
- Added safe prime support for DH domain parameters. This includes:
- Usage of FFDHE parameters in RFC 7919 as the default parameters when initializing a DHKeyPairGenerator with one of the following key sizes:
- Added a check in FIPS-140 mode to ensure safe primes are used as described in SP 800-56A Revision 3 section 5.5.1.1 - FFC Domain Parameter Selection/Generation.
Note: Legacy FIPS 186-4 generated parameters can be used in FIPS-140 mode only for a prime size of 2048 bits. However, all sizes are still supported in a non-FIPS-140 mode.
- Added support for the following JCE algorithm names:
- AES/KW/NoPadding or AESKeyWrapRFC3394
- AES/KWP/NoPadding or AESKeyWrapRFC5649
- Added the following APIs to retrieve Java Crypto Module (JCM) product information:
- CryptoJVersion.getJCMProductID()
- CryptoJVersion.getJCMVersionString()
- Enabled the output of the toString() method on a PublicKey object to return the key details in a human-readable format.
- Added support for the following java.security properties:
- keystore.pkcs12.certProtectionAlgorithm
- keystore.pkcs12.certPbeIterationCount
- keystore.pkcs12.keyProtectionAlgorithm
- keystore.pkcs12.keyPbeIterationCount
- keystore.pkcs12.macAlgorithm
- keystore.pkcs12.macIterationCount
- Signed the Jar files with a Dell Technologies Signing Key.
Changed features
This release of Crypto-J includes the following changes:
- The name of the cryptographic module was changed to Dell BSAFE Java Crypto Module (BSAFE Crypto Module).
- The KeyBuilder.newECParams now checks for NamedCurve matches to use the existing acceleration table.
- The default PBE iteration count has been raised to 10,000.
- The maximum DH key size has been updated from 4096 to 8192 bits.
- The previously vendor-affirmed PBKDF2 algorithm is now FIPS 140-2 validated.
- Support has been added for FIPS 140-2 compliant One-Step KDF for SHA-1 and SHA-3 hash functions.
- Clearing sensitive data method for GCMParameterSpec class has been implemented.
- Native support using BSAFE Crypto-C Micro Edition has been removed.
- The JsafeJCE implementation of the LDAP CertStore has been deprecated and will be removed in a future release.
- OpenLDAP.jar is no longer included in the binary distribution.
- Support for the java.security property, com.rsa.cryptoj.pkcs12.outputmac has been deprecated and will be removed in a future release.
- Support has been added for Java 11, on the documented platforms and JDK vendors.
- Oracle JDK 9 is no longer supported.
- JDK 7 is no longer supported.
- Triple DES is not allowed in a FIPS 140-2 mode of operation.
For additional documentation, downloads, and more, contact
Dell Customer Support .