Skip to main content
Skip table of contents


The following provides an overview of Bouncy Castle's capabilities and support, with relevant links to external standards and documentation. 

Packages and Standards

Bouncy Castle Java supports the following formats and standards.


The following lists certifications with relevant links to certificates and documentation.

For more information about the Bouncy Castle FIPS Java API and how it presents cryptography, refer to The Bouncy Castle FIPS Java API in 100 Examples and sample code at and

Algorithms and Key Types

Bouncy Castle supports the following public key algorithm types and key size/curves.

AlgorithmExternal ReferenceJavaC#FIPS JavaFIPS C#
Diffie-HellmanSP 800-56A(tick)(tick)(tick)(tick)
DSAFIPS PUB 186-4, RFC 6979(tick)(tick)(tick)(tick)
DSTUDSTU 4145-2002(tick)(tick)(tick)
ECDSA/ECDHX9.62, FIPS PUB 186-4, RFC 5639, RFC 6979, SP 800-56A(tick)(tick)(tick)(tick)
EdDSA/XDHRFC 7748, RFC 8032, RFC 8410(tick)(tick)(tick)(tick)

ElGamalRFC 4880(tick)(tick)(tick)(tick)
GOSTRFC 4490, RFC 7836(tick)(tick)(tick)
LMS/HSSRFC 8554, RFC 8708(tick)(tick)(tick)
SM2RFC 8998(tick)(tick)(tick)
RSARFC 8017, FIPS PUB 186-4, SP 800-56B(tick)(tick)(tick)(tick)
XMSSRFC 8391(tick)(tick)

Symmetric Key Algorithms

Bouncy Castle supports the following symmetric key block based algorithms.

AlgorithmExternal ReferenceKey Sizes (bits)Block Size (bits)JavaC#FIPS JavaFIPS C#Notes
AESFIPS PUB 197, RFC 3394, RFC 5649128, 192, 256128(tick)(tick)(tick)(tick)
ARIARFC 5794, RFC 5649128, 192, 256128(tick)(tick)(tick)

CamelliaRFC 3713, RFC 3657128, 192, 256128(tick)(tick)(tick)(tick)
CAST 5RFC 21440...12864(tick)(tick)(tick)

CAST 6RFC 26120...256128(tick)(tick)

DSTU 7624DSTU 7624:2014128, 256, 512128, 256, 512(tick)(tick)(tick)

GOST 28147RFC 583025664(tick)(tick)(tick)

GOST 3412-2015RFC 7801256128(tick)(tick)

LEAISO/IEC 29192-2:2019128128, 192, 256(tick)

RC2RFC 2268, RFC 32170...102464(tick)(tick)(tick)

RC5RFC 204012864, 128(tick)(tick)

SEEDRFC 4269128128(tick)(tick)(tick)(tick)
SM4RFC 8998128128(tick)(tick)

TripleDESFIPS PUB 46-3, RFC 3217112, 16864(tick)(tick)(tick)

Bouncy Castle supports the following symmetric key stream based algorithms.

AlgorithmExternal ReferenceKey Sizes (bits)JavaC#FIPS JavaFIPS C#Notes
AsconCAESAR, NIST Lightweight Competition Finalist128, 160(tick)(tick)

CHACHA-7359RFC 7359128, 256(tick)(tick)
GRAINeSTREAM Project128(tick)(tick)

HCeSTREAM Project128, 256(tick)(tick)

RFC 4345
40...2048(tick)(tick)(tick)(tick)Unsafe - legacy use only.
Salsa20eSTREAM Project128, 256(tick)(tick)

Message Digests and Expandable Output Functions

Bouncy Castle supports the following Message Digests and Expandable Output Functions (XOFs).

AlgorithmExternal ReferenceJavaC#





Ascon (Hash, XOF)NIST Lightweight Competition Finalist(tick)(tick)

Blake2RFC 7693(tick)(tick)


cSHAKE-128, cSHAKE-256SP 800-185(tick)(tick)(tick)(tick)

KMAC-128, KMAC-256SP 800-185(tick)(tick)(tick)(tick)
MD5RFC 1321(tick)(tick)(tick)(tick)
ParallelHash-128, ParallelHash-256SP 800-185(tick)(tick)(tick)(tick)
SHA-1FIPS PUB 180-4(tick)(tick)(tick)(tick)
SHA224, SHA256, SHA384, SHA512, SHA512/224, SHA512/256FIPS PUB 180-4(tick)(tick)(tick)(tick)
SHA3-224, SHA3-256, SHA3-384, SHA3-512FIPS PUB 202(tick)(tick)(tick)(tick)
SHAKE-128, SHAKE-256FIPS PUB 202, RFC 8702(tick)(tick)(tick)(tick)
SM3RFC 8998(tick)(tick)

TigerProject NESSIE(tick)(tick)(tick)
TupleHash-128, TupleHash-256SP 800-185(tick)(tick)(tick)(tick)
WhirlpoolProject NESSIE, ISO/IEC 10118-3(tick)(tick)(tick)

Post Quantum Algorithm Support

The following stateful hash-based signature algorithms are standardized and implemented.

Signature AlgorithmExternal Reference

SP 800-208, RFC 8554, RFC 8708

XMSSSP 800-208, RFC 8391

NIST PQC Competition Algorithms

For further details on these algorithms, refer to NIST Post-Quantum Cryptography.

The Post-Quantum Cryptography (PQC) algorithms below are still under development. Published standards are unlikely to appear before mid-2024 and the algorithms may still change. You can start experimenting, but note that while the Key Encapsulation Algorithms (KEMs) are suitable for use with hybrid cryptography using short-term keys, the PQC algorithms below are still not suitable for use with anything long-term.

Key Encapsulation Algorithms (KEMs)

Key Encapsulation AlgorithmStatus


Finalist, for standardization, FIPS PUB 203 (Draft)


Round 4 Candidate


Round 4 Candidate

Classic McEliece

Round 4 Candidate, used by BIS


Round 3 Candidate


Round 3 Alternate Candidate, used by BIS


Round 3 Candidate

NTRU Prime

Round 3 Alternate Candidate

Signature Algorithms

Signature AlgorithmStatus


Finalist, for standardization, FIPS PUB 204 (Draft)


Finalist, for standardization, FIPS PUB 205 (Draft)


Finalist, for standardization


Round 3 Candidate


Round 3 Candidate (cat III and cat V submission only)


Round 3 Candidate

CRL, OCSP and Certificate Distribution

Bouncy Castle supports the following CRL formats and standards.

Supported StandardExternal Reference
CRL creation and URL based CRL Distribution Points.RFC 5280
Online Certificate Status Protocol (OCSP), including AIA-extension and must-staple extension.RFC 2560, RFC 6960RFC 5019 and RFC 8964

The German Common PKI SigG CertHash OCSP extension.

Certificate Enrollment Protocols

The following lists Certificate Enrollment Protocols and/or interfaces.

Protocol / InterfaceExternal ReferenceDocumentation
Simple Certificate Enrollment Protocol (SCEP).SCEP draft 23/wiki/spaces/EJBCADS/pages/238900784
Certificate Management Protocol (CMP).RFC 4210/wiki/spaces/EJBCADS/pages/238900794
Enrollment over Secure Transport (EST).RFC 7030/wiki/spaces/EJBCADS/pages/238925166
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.