Java News from Thursday, November 8, 2007

The Legion of the Bouncy Castle has released version 1.37 1.38 of the Bouncy Castle Java Cryptography API, an open source, clean-room implementation of the Java Cryptography Extension (JCE). It supports X.509 certificates, PKCS12, S/MIME, CMS, PKCS7, TEA, XTEA, SHA224, and lots of other juicy acronyms. It also includes its own light-weight crypto API that works in Java 1.0 and later, and does not depend on the JCE. According to the announcement:

This release adds the VMPC stream cipher, performance improvements to both the ASN.1 and CMS libraries and the BCPGInputStream class can now handle packets in the 2**31->2**32 - 1 range. In addition a bug that could cause TlsInputStream to return an early end of file has been fixed, and a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes has been removed.

Download it while it's still legal.