The Legion of the Bouncy Castle has released version 1.40
of the Bouncy Castle Java Cryptography API, an open source,
clean-room implementation of the Java Cryptography Extension (JCE).
It supports X.509 certificates, PKCS12, S/MIME, CMS, PKCS7, TEA, XTEA, SHA224, and lots of other juicy acronyms. It also includes its own light-weight crypto API that works in Java 1.0 and later, and does not depend on the JCE.
According to the announcement:
This release adds GCM mode to the provider and lightweight API. In addition a new PKCS12 type "PKCS12-3DES-3DES" has been added o allow for the creation of PKCS12 files that use purely DES-EDE and the TSP package now supports validation of responses with 2 signingCertificate entries. Bug fixes include proper resetting of EAX mode ciphers on doFinal, the SMIME API can now verify signatures for doubly nested multipart objects, the X509Name class can now handle zero length RDNs and escaped '+' characters, the default partial packet generator in BCPG no longer generates garbage files if file length is over 32 bits, the getCreationTime method now returns the proper value for just created PGP signatures, and a regression from 1.38 affecting getPublicKey on PKIXCertPathValidatorResult has been fixed.
Download it while it's still legal.