Follow us on:  Google+   

Latest Java Releases

Release 1.59 is now available for download.

This release is primarily related to updates to the BCJSSE provider, although there are additional bug fixes and algorithms as well. The BCJSSE provider now supports session resumption in clients, Server Name Indication, and some new configuration properties. Issues with wrapping/unwrapping application daa in whole records have been fixed in the BCJSSE as well. CVE-2017-13098 has been fixed as well. In addition, issues with using keys from the PQC provider in BC key stores have been addressed, SCRYPT is now supported as a SecretKeyFactory and in PKCS8, DSTU symmetric algorithm performance has been improved, GOST3412-2015 has been added to the JCE provider and the lightweight API, and the Blake2s message digest has been added to the JCE provider and the lightweight API. Unified Cofactor Diffie-Hellman (ECCDHU) is now supported in the JCE and the lightweight API, a range of SHA-3 based signature algorithms have been added and a DEROtherInfo generator has been added for key agreement based on the NewHope algorithm. Some further issues with ECGOST have been fixed and the SM2 signature now uses the correct default identity value. The ISO trailer for SHA-512/256 using in X9.31 and ISO9796-2 signatures has also been corrected.

Further details on other additions and bug fixes can be found in the release notes file accompanying the release.

IMPORTANT - CVE FIX: If you are using the BCJSSE with RSA, this release fixes CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS when RSA key exchange is negotiated. This potentially affected BCJSSE servers and any other TLS servers configured to use JCE for the underlying crypto - note the two TLS implementations using the BC lightweight APIs (the original crypto.tls API and the newer bctls API) are not affected by this. Further details on the vulnerability can be found in CERT notes for VU#144389.

Change Warning (users of 1.52 or earlier): The PEM Parser now returns an X509TrustedCertificate block when parsing an openssl trusted certificate, the new object was required to allow the proper return of the trusted certificate's attribute block. Please also see the porting guide for advice on porting to this release from much earlier ones (release 1.45 or earlier).

Others have contributed to this release, both with code and/or financially and you can find them listed in the contributors file. We would also like to make a special mention of Micro Focus for helping support further work on the TLS and JSSE APIs. We would also like to thank holders of Crypto Workshop support contracts for additional time that was contributed back to this release through left over consulting time provided as part of their support agreements. Thank you, one and all!

If you're interested in grabbing the lot in one hit (includes JCE, JCE provider, light weight API, J2ME, range of JDK compatibility classes, signed jars, fries, and king prawns...) download crypto-159.tar.gz or, otherwise if you are only interested in one version in particular, see below. Early access to our FIPS hardened version of the Java APIs is now available as well, BC-FJA 1.0.1 has completed testing and is now under NIST review, contact us at for further information.

Get the most out of your Bouncy Castle experience!

Get a support contract through Crypto Workshop. We have found two things that distinguish our support contract holders from our regular user base. Developers with access to a support contract are more likely to raise an issue with us early rather than try and muddle through, and developers with access to a support contract also take a more active interest in the beta realeases, both FIPS and non-FIPS. The second one is useful as it means any issues or shortfalls in the beta are able to be fixed while the updates are still in beta. The first one is a real cost saver as it does not lead to us receiving emails starting with "Our development team has spent (some number of) weeks trying to work out..." It is much cheaper to have a support contract!

Signed JAR files

From release 1.40 some implementations of encryption algorithms were removed from the regular jar files at the request of a number of users. Jars with names of the form *-ext-* still include these (at the moment the list is: NTRU).

  Provider Clean room JCE
and provider
JDK 1.5 - JDK 1.8 bcprov-jdk15on-159.jar
  bcpkix-jdk15on-159.jar bcmail-jdk15on-159.jar bcpg-jdk15on-159.jar bctls-jdk15on-159.jar bctest-jdk15on-159.jar
JDK 1.4 bcprov-jdk14-159.jar
  bcpkix-jdk14-159.jar bcmail-jdk14-159.jar bcpg-jdk14-159.jar   bctest-jdk14-159.jar
JDK 1.3 bcprov-jdk13-159.jar
bcpkix-jdk13-159.jar bcmail-jdk13-159.jar bcpg-jdk13-159.jar   bctest-jdk13-159.jar
JDK 1.2 bcprov-jdk12-159.jar
bcpkix-jdk12-159.jar   bcpg-jdk12-159.jar   bctest-jdk12-159.jar

The following signed provider jars are provided so that you can make use of the debug information in them. In the case of the non-provider jars (bcpkix, bcpg, and bcmail), the jar files do not need to be signed to work. You can rebuild them with debug turned on, or operate directly from the source, if you need.

  Providers with debug
JDK 1.5 - JDK 1.8 bcprov-debug-jdk15on-159.jar bcprov-ext-debug-jdk15on-159.jar
JDK 1.4 bcprov-debug-jdk14-159.jar bcprov-ext-debug-jdk14-159.jar

Sources and JavaDoc

JDK 1.5 - JDK 1.8 bctls-jdk15on-159.tar.gz

JDK 1.5 - JDK 1.8 bcpkix-jdk15on-159.tar.gz
JDK 1.4 bcpkix-jdk14-159.tar.gz
JDK 1.3 bcpkix-jdk13-159.tar.gz
JDK 1.2 bcpkix-jdk12-159.tar.gz
JDK 1.1 bcpkix-jdk11-159.tar.gz

JDK 1.5 - JDK 1.8 bcpg-jdk15on-159.tar.gz
JDK 1.4 bcpg-jdk14-159.tar.gz
JDK 1.3 bcpg-jdk13-159.tar.gz
JDK 1.2 bcpg-jdk12-159.tar.gz
JDK 1.1 bcpg-jdk11-159.tar.gz

JDK 1.5 - JDK 1.8 bcmail-jdk15on-159.tar.gz
JDK 1.4 bcmail-jdk14-159.tar.gz
JDK 1.3 bcmail-jdk13-159.tar.gz

  JCE with provider and lightweight API Lightweight API  
JDK 1.5 - JDK 1.8 bcprov-jdk15on-159.tar.gz lcrypto-jdk15on-159.tar.gz
JDK 1.4 bcprov-jdk14-159.tar.gz lcrypto-jdk14-159.tar.gz
JDK 1.3 jce-jdk13-159.tar.gz lcrypto-jdk13-159.tar.gz
JDK 1.2 jce-jdk12-159.tar.gz lcrypto-jdk12-159.tar.gz
JDK 1.1 jce-jdk11-159.tar.gz lcrypto-jdk11-159.tar.gz
J2ME     lcrypto-j2me-159.tar.gz

  Releases no longer maintained
JDK 1.0 lcrypto-jdk10-133.tar.gz


  1. The tar archives were created using GNU tar (some versions of Solaris tar will have problems extracting them)
  2. The J2ME source distribution includes zips for the class files

You can find the release notes, documentation, and specifications here.

You can find checksums for confirming the integrity of the distributions here

Too slow? You can also find the latest versions on one of our mirrors:

Beta Access
The current working betas, when available, for the next release for JDK 1.5 to JDK 1.8 can be found at If you need a beta to be made available for another version of Java please ask by emailing

Maven Access
The BC jars are now mirrored on the Maven central repository. You can find them at

GIT Access
Just want to look at the source? The source code repository is now mirrored on GitHub and accessible from here. The repository can be cloned using either

git clone
or git protocol
git clone git://

CVS Access
Just want to look at the source? The source code repository is accessible via ViewVC from here

FTP Access
Previous releases, as well as the latest ones, can be downloaded from our ftp server Please note the FTP server does not support passive mode.