U.S. flag   An unofficial archive of your favorite United States government website

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #2792

Details

Module Name
BC-FNA (Bouncy Castle FIPS .NET API)
Standard
FIPS 140-2
Status
Active
Sunset Date
11/13/2021
Validation Dates
11/14/2016
Overall Level
1
Caveat
When installed, initialized and configured as specified in the Security Policy Section 8 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.
Security Level Exceptions
  • Physical Security: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Bouncy Castle FIPS .NET API is a comprehensive suite of FIPS Approved algorithms implemented in pure C#. All key sizes and modes have been implemented to allow flexibility and efficiency, and additional algorithms, including some post-quantum ones, are available in non-approved operation as well.
Tested Configuration(s)
  • Windows 10 Enterprise on .NET framework 4.6.1 running on a Lenovo Flex 3
  • Windows 10 Pro on .NET framework 4.6.1 running on an Asus T100HA (single-user mode)
  • Windows 7.0 SP1 on .NET framework 4.5.2 running on HP Zbook 14 G2
  • Windows 8.1 Pro on .NET framework 4.5.2 running on a HP Zbook 14 G2
FIPS Algorithms
AES Cert. #4015
CVL Certs. #837, #838, #839 and #875
DRBG Cert. #1194
DSA Cert. #1087
ECDSA Cert. #894
HMAC Cert. #2618
KAS Cert. #89
KAS SP 800-56Arev2 with CVL Cert. #875, vendor affirmed
KTS AES Cert. #4015; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS Triple-DES Cert. #2199; key establishment methodology provides 112 bits of encryption strength
KTS vendor affirmed
PBKDF vendor affirmed
RSA Cert. #2059
SHA-3 Cert. #5
SHS Cert. #3312
Triple-DES Cert. #2199
Other Algorithms
EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ARC4; Camellia; ChaCha; ElGamal; NewHope; OpenSSL PBKDF; PKCS#12 PBKDF; Poly1305; SEED; Serpent; SPHINCS-256.
Software Versions
1.0.1

Vendor

Legion of the Bouncy Castle Inc.
85 The Crescent
Ascot Vale, Victoria 3032
Australia

David Hook
dgh@bouncycastle.org
Phone: +61438170390
 Jon Eaves
jon@bouncycastle.org
Phone: +61417502969

Related Files

Security Policy
Consolidated Certificate

Lab

CGI Information Systems and Management Consultants Inc.
NVLAP Code: 200928-0