Release Notes 17.07.19

RSA BSAFE® Crypto-J 6.2.5 Release Notes

This document summarizes the features of RSA BSAFE Crypto-J 6.2.5 (Crypto-J). It outlines the new features, platform information, and resolved and known issues. For details of the Crypto-J End of Primary Support dates, see the Product Version Life Cycle Web site at https://community.rsa.com/docs/DOC-73366.

Contents: New Features, Changes ...
New Features
This release of Crypto-J is designed to provide the following new features:
• Updated Algorithm support:
  – Implementations of SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256 available using the JCE MessageDigest API.
  – Implementation of HKDF available using the JCE API.
  – Implementation of HMAC/SHA3-224, HMAC/SHA3-256, HMAC/SHA3-384, HMAC/SHA3-512 and CMAC available using the JCE MAC API.
Changes
This release of Crypto-J is designed to include the following changes:
• The default key size for key generation of asymmetric keys has been changed to reflect the minimum key size recommended in FIPS 186-4. Where the KeyPairGenerator has not previously been initialized with a key size, keys will be generated with the new default key size.
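The change above only affects code that never calls initialize() on its KeyPairGenerator. The following is an added example, not code from these release notes or from the Crypto-J samples: it uses only standard JCE calls to report the key size that the resolved provider produces by default, next to a size the application pins explicitly. The class name and the pinned sizes are assumptions chosen for illustration.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;

public class KeySizeAudit {
    // Strength-relevant size of a public key in bits; -1 if the key type is not recognised.
    static int bits(PublicKey pub) {
        if (pub instanceof RSAPublicKey) {
            return ((RSAPublicKey) pub).getModulus().bitLength();
        }
        if (pub instanceof DSAPublicKey) {
            return ((DSAPublicKey) pub).getParams().getP().bitLength();
        }
        if (pub instanceof ECPublicKey) {
            return ((ECPublicKey) pub).getParams().getCurve().getField().getFieldSize();
        }
        return -1;
    }

    // requested == 0 means "do not call initialize()", which is the case
    // whose outcome depends on the provider's default key size.
    static int generatedBits(String algorithm, int requested) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithm);
        if (requested > 0) {
            kpg.initialize(requested);
        }
        return bits(kpg.generateKeyPair().getPublic());
    }

    public static void main(String[] args) throws Exception {
        // Sizes pinned by the application (assumed policy values, not from the release notes).
        String[] algorithms = {"RSA", "DSA", "EC"};
        int[] pinned = {3072, 2048, 256};
        for (int i = 0; i < algorithms.length; i++) {
            int byDefault = generatedBits(algorithms[i], 0);
            int explicit = generatedBits(algorithms[i], pinned[i]);
            System.out.printf("%-3s provider default=%d bits, explicit=%d bits%n",
                    algorithms[i], byDefault, explicit);
            if (explicit != pinned[i]) {
                throw new IllegalStateException(algorithms[i] + ": got " + explicit);
            }
        }
    }
}
```

The "provider default" column reflects whichever provider KeyPairGenerator.getInstance resolves first, so run it with the same provider order as the application being checked.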
Related Products
The following related products are incorporated in this release of Crypto-J:
• RSA BSAFE Crypto-C Micro Edition 4.1 (Crypto-C ME) to provide native cryptography support.
• RSA BSAFE Micro Edition Suite 4.1 (MES) to provide FIPS 140-2 native cryptography support.
• OpenLDAP - JLDAP (oct_ndk_2007) to provide LDAP support.
Use of other versions of these products might work, but support is not guaranteed.
FIPS 140-2 Operations
Federal Information Processing Standards Publication 140-2 - Security Requirements for Cryptographic Modules (FIPS 140-2) details the United States Government requirements for cryptographic modules. For more information about the FIPS 140-2 standard and validation program, see the FIPS 140-2 page on the NIST Web site at https://csrc.nist.gov/projects/cryptographic-module-validation-program/standards.
Operating Environment Information
Operating environment support for Crypto-J is separated into three categories:
• Primary Operating Environments: Crypto-J is designed and tested to support these operating environments at the time of release. For information about FIPS validation and testing, see FIPS 140-2 Operations.
• Secondary Operating Environments: these operating environments are not tested with this release.
Table 1 Primary Operating Environment Information (continued) CPU Architecture CPU Size Compiler Version x86_64 64-bit OpenJDK 8u Android™ 9.0 ARM® v8-A 64-bit Android SDK 28 Android 8.x ARM v8 64-bit Android SDK 26, 27 ARM v8 32-bit ARM v7 32-bit x86 32-bit ARM v8 64-bit ARM v8 32-bit ARM v7 32-bit x86 32-bit PowerPC® 64-bit PowerPC 32-bit Operating System FreeBSD® Foundation FreeBSD 11.x Google® Android 7.x Android SDK 24.
Table 1 Primary Operating Environment Information (continued)
CPU Architecture CPU Size
Windows Server 2016 x86_64 64-bit IBM JDK 8.0 Oracle JDK 8.0, 9.0.1
Windows Server 2012 R2 x86_64 64-bit IBM JDK 8.0 Oracle JDK 8.0, 9.0.1
Windows Server 2012 x86_64 64-bit IBM JDK 8.0 Oracle JDK 8.0, 9.0.1
Windows Server 2008 SP2 x86_64 64-bit IBM JDK 8.0 Oracle JDK 8.0
Windows Server 2008 (SSLF configuration) x86_64 64-bit IBM JDK 8.0 Oracle JDK 8.
Secondary Operating Environments
The following table lists the secondary operating environments which are not tested with this release, but can be requested through RSA Customer Support.
Table 2 Secondary Operating Environment Information
CPU Architecture CPU Size JVM x86_64 64-bit Apple JDK 7.0 x86 32-bit x86_64 64-bit IBM JDK 7.0, 7.1 OpenJDK 7u Oracle JDK 7.0 x86 32-bit IBM JDK 7.0, 7.1 OpenJDK 7u Oracle JDK 7.0, 9.01 (EA) CentOS 7.
Table 2 Secondary Operating Environment Information (continued) Operating System CPU Architecture CPU Size JVM ARM v7 32-bit Android SDK 19 x86 32-bit Itanium® 2 64-bit Google (continued) Android 4.4.x HPE HP-UX 11.31 HP JDK 7.0, 8.0 32-bit IBM AIX 7.2 PowerPC 64-bit IBM JDK 7.0, 7.1 32-bit AIX 7.1 PowerPC 64-bit IBM JDK 7.0, 7.1, 8.0 32-bit AIX 6.1 PowerPC 64-bit IBM JDK 7.0, 8.
Table 2 Secondary Operating Environment Information (continued)
CPU Architecture CPU Size
x86_64 64-bit IBM JDK 7.0, 7.1 Oracle JDK 7.0
x86 32-bit IBM JDK 7.0, 7.1, 8.0 Oracle JDK 7.0, 8.0
Windows Server 2016 x86_64 64-bit IBM JDK 7.0, 7.1 Oracle JDK 7.0
Windows Server 2012 R2 x86_64 64-bit IBM JDK 7.0, 7.1 Oracle JDK 7.0
Windows Server 2012 x86_64 64-bit IBM JDK 7.0, 7.1 Oracle JDK 7.0, 9.0.1
Windows Server 2008 SP2 x86_64 64-bit IBM JDK 7.
Table 2 Secondary Operating Environment Information (continued)
CPU Architecture CPU Size Enterprise Linux 7.6 x86_64 64-bit IBM JDK 7.0, 7.1 OpenJDK 7u Oracle JDK 7.0 Enterprise Linux 6.9 x86_64 64-bit x86 32-bit IBM JDK 7.0, 7.1, 8.0 OpenJDK 7u, 8u Oracle JDK 7.0, 8.0 Operating System JVM Red Hat
1 Early Adopter
2 No Native support, due to lack of support in Crypto-C ME 4.1/MES 4.1.
Table 3 Tested JDK Update Versions (continued)
Operating System CPU Oracle Solaris SPARC v9 Oracle JDK 1.8.0_201-b09 64-bit Red Hat Enterprise Linux 7 Compiler Version x86_64 64-bit Oracle JDK 1.8.0_65 64-bit IBM JDK 1.8.0_201 OpenJDK 1.8.0_1311 Oracle JDK 1.8.0_201-b09
Discontinued Environments
In this release of Crypto-J, RSA discontinues support for the following:
• Apple Mac OSX 10.7 32-bit and 64-bit
• Apple Mac OSX 10.
Interoperability
Application Server Interoperability
Crypto-J operates on the application servers on the platforms and in the scenarios shown below, and has been tested under the following conditions:
• JCE dynamic loading
• JCE static loading
• JCE FIPS 140 dynamic loading
• JCE FIPS 140 static loading.
• Crypto-J provider registered statically and called explicitly while being bundled with the application.
• Native support for cryptographic operations.
JSSE Interoperability
Crypto-J operates and has been tested with the JSSE providers on the platforms shown below:
Table 5 JSSE Interoperability
Operating System Microsoft Windows Server 2012 R2 CPU JSSE Provider JDK Version 64-bit IBM 1.7.0 R27_Java727_SR3_20150407_1831_B243189 1.8.0 R28_Java8_SR3_20160719_1144_B312156 Oracle 1.7.0_80-b15 1.8.0_201-b09 Oracle Solaris 11.4 SPARC 9 64-bit Oracle 1.8.0_201-b09 Red Hat Enterprise Linux 7.6 64-bit IBM1 1.
Supported Hardware Devices
The following table lists the PKCS #11 hardware device and features tested and supported in this release of Crypto-J when using Oracle JDK 7.0 on a physical host machine. No virtual environments are supported. JDKs, devices, and operations other than those listed might work, but support is not guaranteed. The supported device is subject to change in subsequent releases of Crypto-J.
Elliptic Curve Supported Named Curves
The following table lists the Named Elliptic Curves supported in this release.
Symmetric Encryption and Decryption Algorithms
The following table lists the supported symmetric encryption and decryption algorithms in this release of Crypto-J.
Asymmetric Encryption and Decryption Algorithms
The following table lists the asymmetric encryption and decryption algorithms supported in this release.
Digital Signature Schemes Algorithms
The following table lists the supported digital signature schemes algorithms in this release of Crypto-J.
Table 11 Digital Signature Schemes Algorithms
Algorithm Mode/Description RSA PKCS #1 v1.
Table 11 Digital Signature Schemes Algorithms (continued)
Algorithm: DSA
Mode/Description: In accordance with FIPS 186-4 (if key size is 1024, 2048, or 3072)
Applicable digests:
• SHA-1
• SHA-224
• SHA-256
• SHA-384
• SHA-512
• SHA-512/224
• SHA-512/256
Key Bits (or Equivalent): 512 - 4096
ANSI X9.
Table 12 Random Number Generation Algorithms (continued)
Mode/Description Key Bits (or Equivalent) Native Support PKCS #11
SHA-1-based PRNG1 Unspecified No No
X9.31-based PRNG1 Unspecified No No
1 Deprecated in this release, and subject to removal in a later release.
Message Authentication Codes Algorithms
The following table lists the supported message authentication codes algorithms in this release of Crypto-J.
Message Digest Algorithms
The following table lists the supported message digest algorithms in this release of Crypto-J.
Key Generation Algorithms
The following table lists the supported random number generation algorithms in this release of Crypto-J.
Key Derivation Algorithms
The following table lists the supported key derivation algorithms in this release of Crypto-J.
Key Wrap Encryption and Decryption Algorithms
The following table lists the supported key wrap encryption and decryption algorithms in this release of Crypto-J.
Enhancements and Resolved Issues
The following table lists the enhancements and resolved issues in this release of Crypto-J:
Table 21 Enhancement and Resolved Issues
ID Description
BSFCRYJ-1246 Increase the default asymmetric key pair generation sizes.
BSFCRYJ-1230 The deprecated classes do not show up as deprecated in obfuscated jars.
BSFCRYJ-1229 JCE API enhancement for reading PEM encoded RSA private key files.
Known Issues
The following table lists the known issues in this release of Crypto-J.
Table 22 Known Issues
ID Description
BSFCRYJ-1245 The default PBE iteration count is too low.
BSFCRYJ-1234 JsafeJCE interoperability issue with Oracle JSSE in JDK 7 on Solaris 11 when using DHE cipher suites.
BSFCRYJ-1161 jce.cms.WorkflowRSAOAEP and jce.cms.WorkflowRSAKEMKWS samples fail in FIPS 140 mode (use 1024-bit RSA key).
Documentation
The complete Crypto-J documentation suite includes:
• This document, the RSA BSAFE Crypto-J Release Notes, in Portable Document Format (PDF), with the latest information on Crypto-J.
• RSA BSAFE Crypto-J FIPS Compliance Guide, in PDF, which describes how Crypto-J uses the Crypto-J JSAFE and JCE Software Module FIPS 140-2 cryptographic module, and how to operate Crypto-J in a manner consistent with the requirements of the cryptographic module.
Support and Service
Access community and support information for your RSA BSAFE products on RSA Link at https://community.rsa.com/community/products/bsafe. RSA Link offers a knowledge base containing answers to common questions and solutions to known problems, product documentation, community discussions, and case management. Customers can also open support cases by sending an email to support@rsa.com.
RSA Ready at https://community.rsa.