summary refs log tree commit diff
path: root/crypto/Readme.html
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/Readme.html')
-rw-r--r--crypto/Readme.html935
1 files changed, 516 insertions, 419 deletions
diff --git a/crypto/Readme.html b/crypto/Readme.html
index d7b9df487..27720b7a5 100644
--- a/crypto/Readme.html
+++ b/crypto/Readme.html
@@ -4,111 +4,117 @@
 		<title>Notes</title>
 		<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">
 	</head>
-	<body>
-		<h2><a class="mozTocH2" name="mozTocId533031"></a>The Bouncy Castle C# Cryptographic API</h2>
-		<h3><a class="mozTocH3" name="mozTocId685176"></a>Contents:<br/></h3>
-		<ol id="mozToc">
-			<!--mozToc h1 1 h2 2 h3 3 h4 4 h5 5 h6 6-->
-            <li><a href="#mozTocId533031">The Bouncy Castle Cryptographic C#® API</a>
-		<ol>
-			<li>
-		<ol>
-			<li>
-				<a href="#mozTocId685176">Contents: </a>
-			<li>
-				<a href="#mozTocId66345">License &amp; Contributors:</a>
-			<li>
-				<a href="#mozTocId575388">Features:</a>
-			<li>
-				<a href="#mozTocId211208">How To Build.</a>
-			<li>
-				<a href="#mozTocId245743">The Source:</a>
-			<li>
-				<a href="#mozTocId326820">Documentation:</a>
-			<li>
-				<a href="#mozTocId358608">For first time users.</a>
-			<li>
-				<a href="#mozTocId3413">Notes:</a>
-		<ol>
-            <li>
-                <a href="#mozTocId85326">Release 2.0.0</a>
-            <li>
-                <a href="#mozTocId85325">Release 1.9.0</a>
-            <li>
-                <a href="#mozTocId85324">Release 1.8.10</a>
-            <li>
-                <a href="#mozTocId85323">Release 1.8.9</a>
-            <li>
-                <a href="#mozTocId85322">Release 1.8.8</a>
-            <li>
-                <a href="#mozTocId85321">Release 1.8.7</a>
-            <li>
-                <a href="#mozTocId85320">Release 1.8.6</a>
-            <li>
-                <a href="#mozTocId85319">Release 1.8.5</a>
-            <li>
-                <a href="#mozTocId85318">Release 1.8.4</a>
-            <li>
-                <a href="#mozTocId85317">Release 1.8.3</a>
-            <li>
-                <a href="#mozTocId85316">Release 1.8.2</a>
-            <li>
-                <a href="#mozTocId85315">Release 1.8.1</a>
-            <li>
-                <a href="#mozTocId85314">Release 1.8.0</a>
-            <li>
-				<a href="#mozTocId85313">Release 1.7</a>
-			<li>
-				<a href="#mozTocId85312">Release 1.6.1</a>
-			<li>
-				<a href="#mozTocId85311">Release 1.6</a>
-			<li>
-				<a href="#mozTocId85310">Release 1.5</a>
-			<li>
-				<a href="#mozTocId85309">Release 1.4</a>
-			<li>
-				<a href="#mozTocId85308">Release 1.3</a>
-			<li>
-				<a href="#mozTocId85307">Release 1.2</a>
-			<li>
-				<a href="#mozTocId85306">Release 1.1</a>
-			<li>
-				<a href="#mozTocId85305">Release 1.0</a>
-			<li>
-				<a href="#mozTocId85304">Tuesday Febuary 1, 2005</a>
-			<li>
-				<a href="#mozTocId498363">Sunday December 12, 2004</a></li>
-		</ol>
-		<li>
-			<a href="#mozTocId948186">Trademarks. </a>
-		</li>
-		</ol> </li> </ol> </li> </ol>
-		<br/>
-		<hr style="WIDTH: 100%; HEIGHT: 2px">
-		<h3><a class="mozTocH3" name="mozTocId66345"></a>License &amp; Contributors:</h3>
-		See <a href="License.html">License</a> &amp; <a href="Contributors.html">Contributors</a>
-		files.<br/>
-		&nbsp;<br/>
-		<hr style="WIDTH: 100%; HEIGHT: 2px">
-		<h3><a class="mozTocH3" name="mozTocId66345"></a>Patents:</h3>
+    <body>
+        <h2><a class="mozTocH2" name="mozTocId533031"></a>The Bouncy Castle C# Cryptographic API</h2>
+        <h3><a class="mozTocH3" name="mozTocId685176"></a>Contents:<br /></h3>
+        <ol id="mozToc">
+            <!--mozToc h1 1 h2 2 h3 3 h4 4 h5 5 h6 6-->
+            <li>
+                <a href="#mozTocId533031">The Bouncy Castle Cryptographic C#® API</a>
+                <ol>
+                    <li>
+                        <ol>
+                            <li>
+                                <a href="#mozTocId685176">Contents: </a>
+                            <li>
+                                <a href="#mozTocId66345">License &amp; Contributors:</a>
+                            <li>
+                                <a href="#mozTocId575388">Features:</a>
+                            <li>
+                                <a href="#mozTocId211208">How To Build.</a>
+                            <li>
+                                <a href="#mozTocId245743">The Source:</a>
+                            <li>
+                                <a href="#mozTocId326820">Documentation:</a>
+                            <li>
+                                <a href="#mozTocId358608">For first time users.</a>
+                            <li>
+                                <a href="#mozTocId3413">Notes:</a>
+                                <ol>
+                                    <li>
+                                        <a href="#mozTocId85326">Release 2.0.0</a>
+                                    <li>
+                                        <a href="#mozTocId85325">Release 1.9.0</a>
+                                    <li>
+                                        <a href="#mozTocId85324">Release 1.8.10</a>
+                                    <li>
+                                        <a href="#mozTocId85323">Release 1.8.9</a>
+                                    <li>
+                                        <a href="#mozTocId85322">Release 1.8.8</a>
+                                    <li>
+                                        <a href="#mozTocId85321">Release 1.8.7</a>
+                                    <li>
+                                        <a href="#mozTocId85320">Release 1.8.6</a>
+                                    <li>
+                                        <a href="#mozTocId85319">Release 1.8.5</a>
+                                    <li>
+                                        <a href="#mozTocId85318">Release 1.8.4</a>
+                                    <li>
+                                        <a href="#mozTocId85317">Release 1.8.3</a>
+                                    <li>
+                                        <a href="#mozTocId85316">Release 1.8.2</a>
+                                    <li>
+                                        <a href="#mozTocId85315">Release 1.8.1</a>
+                                    <li>
+                                        <a href="#mozTocId85314">Release 1.8.0</a>
+                                    <li>
+                                        <a href="#mozTocId85313">Release 1.7</a>
+                                    <li>
+                                        <a href="#mozTocId85312">Release 1.6.1</a>
+                                    <li>
+                                        <a href="#mozTocId85311">Release 1.6</a>
+                                    <li>
+                                        <a href="#mozTocId85310">Release 1.5</a>
+                                    <li>
+                                        <a href="#mozTocId85309">Release 1.4</a>
+                                    <li>
+                                        <a href="#mozTocId85308">Release 1.3</a>
+                                    <li>
+                                        <a href="#mozTocId85307">Release 1.2</a>
+                                    <li>
+                                        <a href="#mozTocId85306">Release 1.1</a>
+                                    <li>
+                                        <a href="#mozTocId85305">Release 1.0</a>
+                                    <li>
+                                        <a href="#mozTocId85304">Tuesday Febuary 1, 2005</a>
+                                    <li>
+                                        <a href="#mozTocId498363">Sunday December 12, 2004</a>
+                                    </li>
+                                </ol>
+                            <li>
+                                <a href="#mozTocId948186">Trademarks. </a>
+                            </li>
+                        </ol>
+                    </li>
+                </ol>
+            </li>
+        </ol>
+        <br />
+        <hr style="WIDTH: 100%; HEIGHT: 2px">
+        <h3><a class="mozTocH3" name="mozTocId66345"></a>License &amp; Contributors:</h3>
+        See <a href="License.html">License</a> &amp; <a href="Contributors.html">Contributors</a>
+        files.<br />
+        &nbsp;<br />
+        <hr style="WIDTH: 100%; HEIGHT: 2px">
+        <h3><a class="mozTocH3" name="mozTocId66345"></a>Patents:</h3>
         <p>
             Some of the algorithms in the Bouncy Castle APIs are patented in some places. It is up to the user of the library to be aware
             of their own legal situation, however we have been asked to specifically mention the patents below, in the following terms,
             at the request of the patent holder.
         </p>
         <p>
-The BC distribution contains implementations of EC MQV as described in RFC 5753, "Use of ECC Algorithms in CMS". In line with the conditions in:
-</p><p>
-<a href="http://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf">http://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf</a>
-</p><p>
-We state, where EC MQV has not otherwise been disabled or removed:
-"The use of this product or service is subject to the reasonable, non-discriminatory terms in the Intellectual Property Rights (IPR) Disclosures of Certicom Corp. at the IETF for Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) implemented in the product or service." 
-		</p>
-		&nbsp;<br/>
-		<hr style="WIDTH: 100%; HEIGHT: 2px">
-		<br/>
-		<h3><a class="mozTocH3" name="mozTocId575388"></a>Features:</h3>
-		<ul>
+            The BC distribution contains implementations of EC MQV as described in RFC 5753, "Use of ECC Algorithms in CMS". In line with the conditions in:
+        </p><p>
+            <a href="http://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf">http://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf</a>
+        </p><p>
+            We state, where EC MQV has not otherwise been disabled or removed:
+            "The use of this product or service is subject to the reasonable, non-discriminatory terms in the Intellectual Property Rights (IPR) Disclosures of Certicom Corp. at the IETF for Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) implemented in the product or service."
+        </p>
+        &nbsp;<br />
+        <hr style="WIDTH: 100%; HEIGHT: 2px">
+        <br />
+        <h3><a class="mozTocH3" name="mozTocId575388"></a>Features:</h3>
+        <ul>
             <li>
                 Generation and parsing of PKCS-12 files.
             </li>
@@ -192,19 +198,20 @@ We state, where EC MQV has not otherwise been disabled or removed:
                 Elliptic Curve Cryptography: support for generic F2m and Fp curves, high-performance custom implementations
                 for many standardized curves.
             </li>
-			<li>
-				Reading/writing of PEM files, including RSA and DSA keys, with a variety of 
-				encryptions.
-			</li>
-			<li>PKIX certificate path validation</li>
-		</ul>
-		<br/>
-		<p><b>Porting notes from the old ASN.1 library</b> For the most part code using the 
-			old subset of ASN.1 classes should be easy to transfer, providing the following 
-			changes are made:
-		</p>
-		<ul>
-			<li>
+            <li>
+                Reading/writing of PEM files, including RSA and DSA keys, with a variety of
+                encryptions.
+            </li>
+            <li>PKIX certificate path validation</li>
+        </ul>
+        <br />
+        <p>
+            <b>Porting notes from the old ASN.1 library</b> For the most part code using the
+            old subset of ASN.1 classes should be easy to transfer, providing the following
+            changes are made:
+        </p>
+        <ul>
+            <li>
                 DERObject becomes Asn1Object
             </li>
             <li>
@@ -224,34 +231,34 @@ We state, where EC MQV has not otherwise been disabled or removed:
             <li>
                 BERInputStream and DERInputStream are replaced with Asn1InputStream
             </li>
-			<li>
-				AsymmetricKeyParameter is now in the Org.Bouncycastle.Crypto namespace
+            <li>
+                AsymmetricKeyParameter is now in the Org.Bouncycastle.Crypto namespace
             </li>
-		</ul>
-		<br/>
-		<hr style="WIDTH: 100%; HEIGHT: 2px">
-		<h3><a class="mozTocH3" name="mozTocId211208"></a>How To Build.</h3>
+        </ul>
+        <br />
+        <hr style="WIDTH: 100%; HEIGHT: 2px">
+        <h3><a class="mozTocH3" name="mozTocId211208"></a>How To Build.</h3>
         <p>
             (NOTE: This build system is essentially obsolete and will be withdrawn after the 1.8 series. We have
             introduced MSBuild project files which will probably be a preferred option if you want to build yourself.)
         </p>
-		<p>
-			The BC C# API uses NAnt (<a href="http://nant.sourceforge.net/">http://nant.sourceforge.net</a>) 
-			to provide a platform independent build environment (suggested version NAnt 0.90).
-			There is also a solution file for Visual Studio, and for MonoDevelop. The API works
-			with .NET Framework 1.1 and above. It has been successfully built and tested with Mono
-			versions from 1.1.13 onwards. The source code can be built for .NET Compact Framework 1.0
-			by setting the compilation flag NETCF_1_0, or .NET Compact Framework 2.0 by setting NETCF_2_0,
-			or Silverlight 2 by setting SILVERLIGHT.
-		</p>
-		Using a command prompt (DOS window), cd into the 'crypto' folder of this 
-		distribution.<br/>
-		<br/>
-		<span style="FONT-WEIGHT: bold">Use,</span><br/>
-		<ul>
-			<li>
-				'<span style="FONT-WEIGHT: bold">nant</span>' without arguments to compile 
-			    debug code, the tests and run the tests.
+        <p>
+            The BC C# API uses NAnt (<a href="http://nant.sourceforge.net/">http://nant.sourceforge.net</a>)
+            to provide a platform independent build environment (suggested version NAnt 0.90).
+            There is also a solution file for Visual Studio, and for MonoDevelop. The API works
+            with .NET Framework 1.1 and above. It has been successfully built and tested with Mono
+            versions from 1.1.13 onwards. The source code can be built for .NET Compact Framework 1.0
+            by setting the compilation flag NETCF_1_0, or .NET Compact Framework 2.0 by setting NETCF_2_0,
+            or Silverlight 2 by setting SILVERLIGHT.
+        </p>
+        Using a command prompt (DOS window), cd into the 'crypto' folder of this
+        distribution.<br />
+        <br />
+        <span style="FONT-WEIGHT: bold">Use,</span><br />
+        <ul>
+            <li>
+                '<span style="FONT-WEIGHT: bold">nant</span>' without arguments to compile
+                debug code, the tests and run the tests.
             </li>
             <li>
                 '<span style="FONT-WEIGHT: bold">nant compile-release</span>' to compile
@@ -261,68 +268,119 @@ We state, where EC MQV has not otherwise been disabled or removed:
                 '<span style="FONT-WEIGHT: bold">nant compile-debug</span>' to compile
                 debug code.
             </li>
-			<li>
-				'<SPAN style="FONT-WEIGHT: bold">nant test</SPAN>' to run the included unit 
-				tests (using NUnit; you may need to edit the build file to set the location 
-				where NUnit is installed).
-            </li>
-		</ul>
-		<P>
-			<span style="FONT-WEIGHT: bold">Output:</span><br/>
-			<br/>
-			&nbsp;&nbsp;&nbsp; The compiled API can be found in the 'api/bin/release' &amp; 
-			'api/bin/debug' directories.<br/>
-			&nbsp;&nbsp;&nbsp; The compiled tests can be found in the 'test/bin' directory 
-			(by default a debug build is used for testing).<br/>
-		<P>
-			<hr style="WIDTH: 100%; HEIGHT: 2px">
-		<P></P>
-		<h3><a class="mozTocH3" name="mozTocId245743"></a><span style="FONT-WEIGHT: bold">The Source:</span></h3>
-		The main source code can be found in the 'src' directory.<br/>
-		<br/>
-		<hr style="WIDTH: 100%; HEIGHT: 2px">
-		<h3><a class="mozTocH3" name="mozTocId326820"></a><span style="FONT-WEIGHT: bold"></span>Documentation:</h3>
-		<p>
+            <li>
+                '<SPAN style="FONT-WEIGHT: bold">nant test</SPAN>' to run the included unit
+                tests (using NUnit; you may need to edit the build file to set the location
+                where NUnit is installed).
+            </li>
+        </ul>
+        <P>
+            <span style="FONT-WEIGHT: bold">Output:</span><br />
+            <br />
+            &nbsp;&nbsp;&nbsp; The compiled API can be found in the 'api/bin/release' &amp;
+            'api/bin/debug' directories.<br />
+            &nbsp;&nbsp;&nbsp; The compiled tests can be found in the 'test/bin' directory
+            (by default a debug build is used for testing).<br />
+        <P>
+            <hr style="WIDTH: 100%; HEIGHT: 2px">
+        <P></P>
+        <h3><a class="mozTocH3" name="mozTocId245743"></a><span style="FONT-WEIGHT: bold">The Source:</span></h3>
+        The main source code can be found in the 'src' directory.<br />
+        <br />
+        <hr style="WIDTH: 100%; HEIGHT: 2px">
+        <h3><a class="mozTocH3" name="mozTocId326820"></a><span style="FONT-WEIGHT: bold"></span>Documentation:</h3>
+        <p>
             There is limited documentation available at the moment. Some of the source contains XML comments,
             but this is a work in progress. We welcome contributions of documentation, which often requires only
             formatting changes from the corresponding javadoc in the Java API.
         </p>
-		<P>
-			<hr style="WIDTH: 100%; HEIGHT: 2px">
-		<P></P>
-		<h3><a class="mozTocH3" name="mozTocId358608"></a>For first time users.</h3>
-		&nbsp;<span style="FONT-WEIGHT: bold">Java® heritage,</span><br/>
-		<br/>
-		The Bouncy Castle C# API is a port of the Bouncy Castle Java APIs. 
-		Approximately %80 of the functionality in the Java build has now been ported. 
-		For the most part, the naming conventions of the .NET platform have been 
-		adopted. The C# API is constantly kept uptodate with bug fixes and new test 
-		cases from the Java build (and vice versa sometimes), thus benefitting from the 
-		large user base and real-world use the Java version has seen.<br/>
-		<br/>
-		<span style="FONT-WEIGHT: bold">Please consider.</span><br/>
-		<br/>
-		The Bouncy Castle C# API is a library of transformations that when combined properly will enable
+        <P>
+            <hr style="WIDTH: 100%; HEIGHT: 2px">
+        <P></P>
+        <h3><a class="mozTocH3" name="mozTocId358608"></a>For first time users.</h3>
+        &nbsp;<span style="FONT-WEIGHT: bold">Java® heritage,</span><br />
+        <br />
+        The Bouncy Castle C# API is a port of the Bouncy Castle Java APIs.
+        Approximately %80 of the functionality in the Java build has now been ported.
+        For the most part, the naming conventions of the .NET platform have been
+        adopted. The C# API is constantly kept uptodate with bug fixes and new test
+        cases from the Java build (and vice versa sometimes), thus benefitting from the
+        large user base and real-world use the Java version has seen.<br />
+        <br />
+        <span style="FONT-WEIGHT: bold">Please consider.</span><br />
+        <br />
+        The Bouncy Castle C# API is a library of transformations that when combined properly will enable
         developers to create standard conforming cryptographic systems. In order to use this API you must have
         some knowledge of how to build cryptographic systems, namely what transformations to use and the when,
-        where and why of their use. Developing good cryptographic systems takes practice and understanding.<br/>
-		<br/>
-		There are many resources available online and in book shops; please use those to your advantage.<br/>
-		<br/>
-		<hr style="WIDTH: 100%; HEIGHT: 2px">
-		<h3><a class="mozTocH3" name="mozTocId3413"></a>Notes:</h3>
-
-        <h4><a class="mozTocH4" name="mozTocId85326"></a>Release 2.0.0, TBD</h4>
+        where and why of their use. Developing good cryptographic systems takes practice and understanding.<br />
+        <br />
+        There are many resources available online and in book shops; please use those to your advantage.<br />
+        <br />
+        <hr style="WIDTH: 100%; HEIGHT: 2px">
+        <h3><a class="mozTocH3" name="mozTocId3413"></a>Notes:</h3>
 
+        <h4><a class="mozTocH4" name="mozTocId85326"></a>Release 2.0.0, Tuesday November 15, 2022</h4>
+        <p>
+            With this release we have finally moved to building for modern .NET versions (directly targeted frameworks:
+            net461, netstandard2.0, net6.0), and distributing using NuGet (package name BouncyCastle.Cryptography).
+            We have also adopted <a href="https://semver.org/">Semantic Versioning 2.0.0</a> for package versioning.
+        </p>
+        <p>
+            There are backward compatibility breaks with this release, but they are minor and the overall process of
+            migrating from either Release 1.9.0 (or
+            <a href="https://www.nuget.org/packages/Portable.BouncyCastle">Portable.BouncyCastle</a>) should be smooth
+            for most users. The legacy TLS implementation (Org.BouncyCastle.Crypto.Tls) has been removed and users
+            should migrate to the new implementation (Org.BouncyCastle.Tls).
+        </p>
+        <h5>Dedication</h5>
+        <p>
+            This release is dedicated to <a href="https://github.com/clairernovotny">Claire Novotny</a>, who has been
+            keeping the project alive for the past several years in the form of the
+            <a href="https://www.nuget.org/packages/Portable.BouncyCastle">Portable.BouncyCastle</a> NuGet package.
+        </p>
+        <h5>IMPORTANT</h5>
+        <ul>
+            <li>This release uses a new strong name from earlier versions (and other NuGet packages derived from them).</li>
+            <li>This release is now signed by "Legion of the Bouncy Castle Inc.".</li>
+        </ul>
         <h5>Defects Fixed</h5>
         <ul>
+            <li>Fixed TLS 1.3 Export Keying Material (https://github.com/bcgit/bc-java/issues/1133).</li>
+            <li>BasicOcspResponseGenerator now allows nullable 'nextUpdate' (https://github.com/bcgit/bc-csharp/issues/371)</li>
         </ul>
         <h5>Additional Features and Functionality</h5>
         <ul>
             <li>
+                When using the net6.0 version, several algorithms have been accelerated using intrinsics, most notably
+                AES, Chacha, Haraka, and GCM. So far this is limited to X86; Arm code will follow in future versions.
+                The current usages are opportunistic i.e. constrained by the existing public API in what they can achieve.
+                Use Org.BouncyCastle.Crypto.AesUtilities.CreateEngine() (instead of new AesEngine) to get an accelerated
+                AES engine if available.
+            </li>
+            <li>
+                Added implementations of the following NIST Post-Quantum Cryptography Standardization algorithms:
+                CRYSTALS-Dilithium, CRYSTALS-Kyber, Falcon, SPHINCS+, Classic McEliece, FrodoKEM, NTRU, NTRU Prime,
+                Picnic, Saber, BIKE, and SIKE. These should all be considered EXPERIMENTAL and subject to change or
+                removal. SIKE in particular is already slated for removal and should be used for research purposes only.
+            </li>
+            <li>
+                Many APIs have now added variants of existing methods to enable use of
+                <a href="https://learn.microsoft.com/en-us/dotnet/api/system.span-1">Span</a> (only available int the
+                net6.0 version).
+            </li>
+            <li>The library has been converted to use generic collections throughout.</li>
+            <li>
                 (D)TLS: By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported
                 if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3.
             </li>
+            <li>(D)TLS: RFC 9266 'tls-exporter' channel binding.</li>
+            <li>(D)TLS: RFC 7250 Raw Public Keys.</li>
+            <li>Added ASN.1 support for the Relative Object Identifier type.</li>
+            <li>Support additional input in deterministic (EC)DSA.</li>
+            <li>BigInteger can now export directly to uint[] in either big- or little-endian formats.</li>
+            <li>Added basic support for JKS keystores.</li>
+            <li>Added support for the Blake2xs and Blake3 digests.</li>
+            <li>OpenPGP: added support for XDH, EdDSA (https://github.com/bcgit/bc-csharp/issues/345).</li>
         </ul>
         <h5>Additional Notes</h5>
         <ul>
@@ -344,8 +402,10 @@ We state, where EC MQV has not otherwise been disabled or removed:
         </ul>
         <h5>Additional Features and Functionality</h5>
         <ul>
-            <li>A new TLS API (Org.BouncyCastle.Tls) now replaces the old one (Org.BouncyCastle.Crypto.Tls), which
-            should be considered obsolete. The new API includes support for TLS 1.3.</li>
+            <li>
+                A new TLS API (Org.BouncyCastle.Tls) now replaces the old one (Org.BouncyCastle.Crypto.Tls), which
+                should be considered obsolete. The new API includes support for TLS 1.3.
+            </li>
             <li>Added support for Format Preserving Encryption.</li>
             <li>Added support for ParallelHash and TupleHash.</li>
             <li>Added support for the ARIA cipher.</li>
@@ -535,8 +595,10 @@ We state, where EC MQV has not otherwise been disabled or removed:
                 These classes are used by our custom elliptic curve implementations (Org.BouncyCastle.Math.Ec.Custom.**), so there was the possibility
                 of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with
                 high probability by the output validation for our scalar multipliers. We consider these bugs to be exploitable for static ECDH with
-                long-term keys, per <a href="https://eprint.iacr.org/2011/633">"Practical realisation and elimination of an ECC-related software bug attack",
-                Brumley et.al.</a>
+                long-term keys, per <a href="https://eprint.iacr.org/2011/633">
+                    "Practical realisation and elimination of an ECC-related software bug attack",
+                    Brumley et.al.
+                </a>
             </li>
         </ul>
 
@@ -607,10 +669,12 @@ We state, where EC MQV has not otherwise been disabled or removed:
 
         <h5>IMPORTANT</h5>
         <ul>
-            <li>The Serpent cipher as of 1.8.0 is incompatible with the behaviour of Serpent in earlier releases; it has been
-            modified to conform to the standard byte-order interpretation for blocks (and keys). The previous behaviour is
-            available from 1.8.0 as the "Tnepres" cipher. See <a href="http://www.bouncycastle.org/jira/browse/BMA-52">BMA-52</a>
-            for more information if this may affect you.</li>
+            <li>
+                The Serpent cipher as of 1.8.0 is incompatible with the behaviour of Serpent in earlier releases; it has been
+                modified to conform to the standard byte-order interpretation for blocks (and keys). The previous behaviour is
+                available from 1.8.0 as the "Tnepres" cipher. See <a href="http://www.bouncycastle.org/jira/browse/BMA-52">BMA-52</a>
+                for more information if this may affect you.
+            </li>
         </ul>
 
         <h5>Additional Features and Functionality</h5>
@@ -628,8 +692,10 @@ We state, where EC MQV has not otherwise been disabled or removed:
             <li>DRBGs from NIST SP 800-90A (DualEC excluded) have been added to the Crypto.Prng namespace together with SecureRandom builders.</li>
             <li>Support has been added for OCB mode.</li>
             <li>DSA version 2 parameter and key generation is now supported.</li>
-            <li>A new interface IMemoable has been added for objects that can copy in and out their state. The digest classes now support this.
-            A special class NonMemoableDigest has been added which hides the IMemoable interface where it should not be available.</li>
+            <li>
+                A new interface IMemoable has been added for objects that can copy in and out their state. The digest classes now support this.
+                A special class NonMemoableDigest has been added which hides the IMemoable interface where it should not be available.
+            </li>
             <li>TDEA is now recognised as an alias for DESede.</li>
             <li>Support has been added for NIST SP 800-38D - GMAC to AES and other 128 bit block size algorithms.</li>
             <li>The TLS API now supports TLS/DTLS 1.2 for both client and server</li>
@@ -646,18 +712,24 @@ We state, where EC MQV has not otherwise been disabled or removed:
             <li>Support has been added for RFC 6979 Deterministic DSA/ECDSA.</li>
             <li>Support for the Poly1305 MAC has been added.</li>
             <li>GCM and GMAC now support tag lengths down to 32 bits.</li>
-            <li>Custom implementations for many of the NIST and SEC elliptic curves have been added, resulting in drastically improved performance. They
-            can be accessed via the Crypto.EC.CustomNamedCurves class and are generally selected by other internal APIs in place of the generic implementations.</li>
+            <li>
+                Custom implementations for many of the NIST and SEC elliptic curves have been added, resulting in drastically improved performance. They
+                can be accessed via the Crypto.EC.CustomNamedCurves class and are generally selected by other internal APIs in place of the generic implementations.
+            </li>
             <li>Automatic EC point validation added, both for decoded inputs and multiplier outputs.</li>
             <li>Support has been added for X9.31-1998 DRBG.</li>
-            <li>Support has been added for the SHA3 family of digests, including SHAKE128 and SHAKE256.
-            An implementation of the draft standard has been added as 'Keccak'.</li>
+            <li>
+                Support has been added for the SHA3 family of digests, including SHAKE128 and SHAKE256.
+                An implementation of the draft standard has been added as 'Keccak'.
+            </li>
             <li>The ASN.1 parser for ECGOST private keys will now parse keys encoded with a private value represented as an ASN.1 INTEGER.</li>
             <li>SubjectPublicKeyInfoFactory now supports DSA parameters.</li>
             <li>Improved performance of BigInteger.ModPow and random prime generation.</li>
             <li>SecureRandom instances now seeded by RNGCryptoServiceProvider (where available).</li>
-            <li>An initial port of the Java "operators" mechanism has been introduced to support overriding of cryptographic primitives
-            in high-level APIs e.g. for signing using an external provider.</li>
+            <li>
+                An initial port of the Java "operators" mechanism has been introduced to support overriding of cryptographic primitives
+                in high-level APIs e.g. for signing using an external provider.
+            </li>
         </ul>
         <h5>Additional Notes</h5>
         <ul>
@@ -671,226 +743,251 @@ We state, where EC MQV has not otherwise been disabled or removed:
             </li>
         </ul>
 
-		<H4><A class="mozTocH4" name="mozTocId85313"></A>Release 1.7, Thursday April 7, 2011</H4>
-<h5>Additional Features and Functionality</h5>
-<ul>
-<li>TLS now supports client authentication.</li>
-<li>TLS now supports compression.</li>
-<li>TLS now supports ECC cipher suites (RFC 4492).</li>
-<li>Library can now be built for Silverlight (2.0 and above).</li>
-<li>ASN.1 classes for CRMF (RFC 4211) and CMP (RFC 4210) have been added.</li>
-<li>Further performance improvements to GCM mode.</li>
-<li>BufferedBlockCipher will now always reset after a DoFinal().</li>
-<li>An IV can now be passed to an Iso9797Alg3Mac</li>
-</ul>
-<h5>Additional Notes</h5>
-<ul>
-<li>See list of resolved issues at
-<a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10110&sorter/field=issuekey&sorter/order=DESC">
-Bouncy Castle JIRA C# 1.7</a></li>
-</ul>
-		<H4><A class="mozTocH4" name="mozTocId85312"></A>Release 1.6.1, Monday February 8, 2010</H4>
-<ul>
-<li>A point release to rectify some problems with the released assembly of 1.6 version.</li>
-</ul>
-		<H4><A class="mozTocH4" name="mozTocId85311"></A>Release 1.6, Thursday February 4, 2010</H4>
-<h5>Defects Fixed</h5>
-<ul>
-<li>X509DefaultEntryConverter was not recognising telephone number as a PrintableString field. This has been fixed.</li>
-<li>OpenPGP now supports UTF-8 in file names for literal data.</li>
-</ul>
-<h5>Security Advisory</h5>
-<ul>
-<li>This version has been specifically reviewed to eliminate possible timing attacks on algorithms such as GCM and CCM mode.</li>
-</ul>
-<h5>Additional Features and Functionality</h5>
-<ul>
-<li>Support for PSS signatures has been added to CMS.</li>
-<li>SubjectKeyIdentifier now supports both methods specified in RFC 3280, section 4.2.1.2 for generating the identifier.</li>
-<li>Performance of GCM mode has been greatly improved (on average 10x).</li>
-<li>Support for mac lengths of 96, 104, 112, and 120 bits has been added to existing support for 128 bits in GCMBlockCipher.</li>
-<li>Support for raw signatures has been extended to RSA, RSA-PSS and ECDSA. RSA support can be used in CmsSignedDataStreamGenerator to support signatures without signed attributes.</li>
-<li>Support for EC MQV has been added to the light weight API and the CMS library.</li>
-</ul>
-<h5>Additional Notes</h5>
-<ul>
-<li>See list of resolved issues at
-<a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10100&sorter/field=issuekey&sorter/order=DESC">
-Bouncy Castle JIRA C# 1.6</a></li>
-</ul>
-		<H4><A class="mozTocH4" name="mozTocId85310"></A>Release 1.5, Tuesday August 18, 2009</H4>
-<h5>Defects Fixed</h5>
-<ul>
-<li>Correct the ASN.1 class for AuthorityInformationAccess.</li>
-<li>In the Bcpg libs, armored output now inserts the correct version string.</li>
-<li>EssCertIDv2 encoding now complies with RFC 5035.</li>
-<li>ECDSA now computes correct signatures for oversized hashes when the order of the base point is not a multiple of 8 in compliance with X9.62-2005.</li>
-<li>Standard name "DiffieHellman" is now supported in factory classes.</li>
-<li>Better support for equality tests for '#' encoded entries has been added to X509Name.</li>
-<li>'=' inside a X509Name was not being properly escaped. This has been fixed.</li>
-<li>ApplicationSpecific ASN.1 tags are now recognised in BER data. The GetObject() method now handles processing of arbitrary tags.</li>
-<li>Multiplication by negative powers of two is fixed in BigInteger.</li>
-<li>Multiple countersignature attributes are now correctly collected.</li>
-<li>Two bugs in HC-128 and HC-256 related to sign extension and byte swapping have been fixed. The implementations now pass the latest ecrypt vector tests.</li>
-</ul>
-<h5>Security Advisory</h5>
-<ul>
-<li>The effect of the sign extension bug was to decrease the key space the HC-128 and HC-256 ciphers were operating in and the byte swapping inverted every 32 bits of the generated stream. If you are using either HC-128 or HC-256 you must upgrade to this release.</li>
-</ul>
-<h5>Additional Features and Functionality</h5>
-<ul>
-<li>PKIX certificate path validation</li>
-<li>Accept duplicate PKCS#9 FriendlyName attributes in PKCS#12 keystore.</li>
-<li>Add support for PKCS#5 Scheme 2 keys.</li>
-<li>Camellia performance improved.</li>
-<li>A smaller version of Camellia, CamelliaLightEngine has also been added.</li>
-<li>CmsSignedData generation now supports SubjectKeyIdentifier as well as use of issuer/serial.</li>
-<li>A CMS PBE key holder for UTF8 keys has been added to the CMS API.</li>
-<li>Salt and iteration count can now be recovered from PasswordRecipientInformation.</li>
-<li>Support for reading and extracting personalised certificates in PGP Secret Key rings has been added.</li>
-<li>Support for EAC algorithms has been added to CMS.</li>
-<li>Asn1Dump now supports a verbose mode for displaying the contents of octet and bit strings.</li>
-<li>Support for the SRP-6a protocol has been added.</li>
-</ul>
-<h5>Additional Notes</h5>
-<ul>
-<li>See also the list of resolved issues at
-<a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10080&sorter/field=issuekey&sorter/order=DESC">
-Bouncy Castle JIRA C# 1.5</a></li>
-</ul>
-		<H4><A class="mozTocH4" name="mozTocId85309"></A>Release 1.4, Thursday August 8, 2008</H4>
-<h5>Defects Fixed</h5>
-<ul>
-<li>The GeneralName string constructor now supports IPv4 and IPv6 address parsing.</li>
-<li>EAX mode was not handling non-zero offsetted data correctly and failing. This has been fixed.</li>
-<li>EAX mode ciphers were not resetting correctly after a DoFinal/Reset. This has been fixed.</li>
-<li>Some boolean parameters to IssuingDistributionPoint were being reversed. This has been fixed.</li><li>A zero length RDN would cause an exception in an X509Name. This has been fixed.</li>
-<li>Specifying a greater than 32bit length for a stream and relying on the default BcpgOutputStream resulted in corrupted data. This has been fixed.</li>
-<li>Pkcs7Padding validation would not fail if pad length was 0. This has been fixed.</li>
-<li>Signature creation time was not being properly initialised in new V4 PGP signature objects although the encoding was correct. This has been fixed.</li>
-<li>The '+' character can now be escaped or quoted in the constructor for X509Name.</li>
-<li>IV handling in CMS for SEED and Camellia was incorrect. This has been fixed.</li>
-<li>ASN.1 stream parser now throws exceptions for unterminated sequences.</li>
-<li>X509CertificateParser/X509CrlParser now handle multiple certificates/CRLs in streams that don't support seeking.</li>
-<li>The CertID class used by the TSP library was incomplete. This has been fixed</li>
-<li>\# is now properly recognised in the X509Name class.</li>
-<li>BigInteger.ModInverse was failing for negative values. This has been fixed.</li>
-<li>CMS API now supports RSASSA-PSS signatures with explicit salt length.</li>
-</ul>
-<h5>Additional Features and Functionality</h5>
-<ul>
-<li>ASN.1 libs now support high tag numbers.</li>
-<li>Galois/Counter Mode (GCM) has been added.</li>
-<li>The TSP API now supports parsing and validation of responses with V2 signing certificate entries.</li>
-<li>Unnecessary local ID attributes on certificates in PKCS12 files are now automatically removed.</li>
-<li>New Pkcs12StoreBuilder class supports generation of PKCS12 files with both certificates and keys protected by 3DES.</li>
-<li>Certifications associated with user attributes can now be created, verified and removed in OpenPGP.</li>
-<li>API support now exists for CMS countersignature reading and production.</li>
-<li>A new class LazyAsn1InputStream supports lazy evaluation of DER sequences and sets, considerably reducing memory requirements in some scenarios.</li>
-<li>KeyPurposeId class has been updated for RFC 4945.</li>
-<li>Initial support has been added for HP_CERTIFICATE_REQUEST in the TLS API.</li>
-<li>PGP example programs now handle blank names in literal data objects.</li>
-<li>The ProofOfPossession class now better supports the underlying ASN.1 structure.</li>
-</ul>
-<h5>Additional Notes</h5>
-<ul>
-<li>Due to problems for some users caused by the presence of the IDEA algorithm, an implementation is no
-longer included in the default assembly. Only the assembly named BouncyCastle.CryptoExt now includes IDEA.</li>
-<li>See also the list of resolved issues at
-<a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10050&sorter/field=issuekey&sorter/order=DESC">
-Bouncy Castle JIRA C# 1.4</a></li>
-</ul>
-		<H4><A class="mozTocH4" name="mozTocId85308"></A>Release 1.3, Saturday December 8, 2007</H4>
-		<P>
-			ASN.1 stream parsing now handles definite length encodings efficiently.<br/>
-			Buffering in the streaming CMS has been reworked. Throughput is now usually higher and the behaviour is more predictable.<br/>
-			BcpgInputStream now handles data blocks in the 2**31-&gt;2**32-1 range.<br/>
-			Some confusion over the parameters J and L in connection with Diffie-Hellman has been resolved.<br/>
-			Added CryptoApiRandomGenerator, a wrapper for RNGCryptoServiceProvider.<br/>
-			Added VMPC stream cipher, VMPCMAC and a VMPC-based implementation of IRandomGenerator.<br/>
-			Added support in OpenPGP for fetching keyrings by case-insensitive user ID [#BMA-8].<br/>
-			Fixed a vulnerability of CMS signatures that do not use signed attributes (Bleichenbacher RSA forgery).<br/>
-			Fixed a bug causing second and later encrypted objects to be ignored in KeyBasedFileProcessor example.<br/>
-			Fixed case-sensitivity issue with deletion from a PKCS#12 file.<br/>
-			Fixed problem overwriting entities in a PKCS#12 file.<br/>
-			Fixed PgpUtilities.MakeKeyFromPassPhrase for 8-bit characters [#BMA-13].<br/>
-			Fixed duplicate certificate problem in Pkcs12Store.Save [#BMA-12].<br/>
-			Fixed NAnt build under Mono [#BMA-10].<br/>
-			Fixed BigInteger.ModPow for negative exponents [#BMA-7].<br/>
-		</P>
-		<H4><A class="mozTocH4" name="mozTocId85307"></A>Release 1.2, Thursday July 5, 2007</H4>
-		<P>
-			Source now builds on .NET Compact Framework 1.0 (compilation flag NETCF_1_0).<br/>
-			Release assembly now signed with a strong name.<br/>
-			Added CCM and EAX block cipher modes.<br/>
-			Added Noekeon block cipher.<br/>
-			Added HC-128, HC-256, and ISAAC stream ciphers.<br/>
-			Added RIPEMD160withECDSA signature algorithm.<br/>
-			Added support for notation data signature subpackets to OpenPGP.<br/>
-			Added support for parsing of experimental signatures to OpenPGP.<br/>
-			Added the complete set of SEC-2 EC curves.<br/>
-			Added support for implicit tagging to DerApplicationSpecific.<br/>
-			Added remaining ASN.1 structures from RFC 3126 to Asn1.Esf namespace.<br/>
-			Performance of ECDSA improved.<br/>
-			Performance of ASN.1 stream parsing improved.<br/>
-			Fixed default private key length for Diffie-Hellman parameters.<br/>
-			Fixed DerT61String to correctly support 8-bit characters.<br/>
-			Fixed duplicate attribute problem in Pkcs12Store.Save.<br/>
-			Fixed a problem writing public keys in OpenPGP [#BMA-5].<br/>
-		</P>
-		<H4><A class="mozTocH4" name="mozTocId85306"></A>Release 1.1, Friday May 4, 2007</H4>
-		<P>
-			Added support for writing DSA private keys, and more encodings, in OpenSsl 
-			(PemReader/PemWriter).<br/>
-			Removed SharpZipLib dependency.<br/>
-			Added RSA blinded signature classes.<br/>
-			Added Asn1.IsisMtt namespace (ISIS-MTT ASN.1 classes).<br/>
-			Added SEED block cipher engine.<br/>
-			Added Salsa20 stream cipher engine.<br/>
-			Performance optimisations for F2m elliptic curves.<br/>
-			Fixed OpenPGP bug decrypting files with multiple types of encryption on the 
-			session key.<br/>
-		</P>
-		<H4><A class="mozTocH4" name="mozTocId85305"></A>Release 1.0, Thursday January 18, 
-			2007</H4>
-		<P>
-			Implementations of CMS, OCSP, OpenPGP, and TSP.<br/>
-			Elliptic Curves (F2m and Fp).<br/>
-			A basic TLS client.<br/>
-			PEM file reading and writing.<br/>
-			Symmetric key algorithms: Camellia, GOST28147, NaccacheStern, and TEA/XTEA.<br/>
-			Symmetric key modes: GOFB and OpenPGPCFB.<br/>
-			Symmetric key paddings: ISO7816d4.<br/>
-			Asymmetric key algorithms: RSA blinding.<br/>
-			Digests: GOST3411 and Whirlpool.<br/>
-			Macs: GOST28147 and ISO9797 Alg 3.<br/>
-			Signer mechanisms: ECDSA, ECGOST3410, and GOST3410.<br/>
-			...and many more features, bug fixes, and performance improvements.<br/>
-		</P>
-		<H4><A class="mozTocH4" name="mozTocId85304"></A>Tuesday Febuary 1, 2005</H4>
-		<P>This is the second beta release of the Bouncy Castle API C# implementation.<br/>
-			Reliability improvement to ASN1InputStream.<br/>
-			The OID entries in SignerUtilities for RSA signature algorithms for SHA-256,<br/>
-			SHA-384, and SHA-512 were pointing creating the wrong signature objects.</P>
-		<h4><a class="mozTocH4" name="mozTocId498363"></a>Sunday December 12, 2004</h4>
-		This is the first beta release of the Bouncy Castle Cryptographic API C# 
-		implementation.<br/>
-		The Legion of the Bouncy Castle would like to extend their thanks to all those 
-		who contributed to this API during the alpha stages of its development.<br/>
-		Keep up the good work folks.<br/>
-		Please send any questions or bug reports to <a href="mailto:%5Cdev-crypto-csharp@bouncycastle.org">
-			dev-crypto-csharp@bouncycastle.org</a><br/>
-		<br/>
-		<hr style="WIDTH: 100%; HEIGHT: 2px">
-		<h3><a class="mozTocH3" name="mozTocId948186"></a>Trademarks.<br/>
-		</h3>
-		C#, .NET, and MSDN are Registered Trademarks of Microsoft. <a href="http://www.microsoft.com">
-			Microsoft.com</a><br/>
-		Java is a Registered Trademark of Sun Microsystems. <a href="http://www.sun.com">Sun 
-			Microsystems</a><br/>
-		<br/>
-		<br/>
-		<div style="TEXT-ALIGN: center">© 2007 Legion of the Bouncy Castle<br/>
-		</div>
-	</body>
+        <H4><A class="mozTocH4" name="mozTocId85313"></A>Release 1.7, Thursday April 7, 2011</H4>
+        <h5>Additional Features and Functionality</h5>
+        <ul>
+            <li>TLS now supports client authentication.</li>
+            <li>TLS now supports compression.</li>
+            <li>TLS now supports ECC cipher suites (RFC 4492).</li>
+            <li>Library can now be built for Silverlight (2.0 and above).</li>
+            <li>ASN.1 classes for CRMF (RFC 4211) and CMP (RFC 4210) have been added.</li>
+            <li>Further performance improvements to GCM mode.</li>
+            <li>BufferedBlockCipher will now always reset after a DoFinal().</li>
+            <li>An IV can now be passed to an Iso9797Alg3Mac</li>
+        </ul>
+        <h5>Additional Notes</h5>
+        <ul>
+            <li>
+                See list of resolved issues at
+                <a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10110&sorter/field=issuekey&sorter/order=DESC">
+                    Bouncy Castle JIRA C# 1.7
+                </a>
+            </li>
+        </ul>
+        <H4><A class="mozTocH4" name="mozTocId85312"></A>Release 1.6.1, Monday February 8, 2010</H4>
+        <ul>
+            <li>A point release to rectify some problems with the released assembly of 1.6 version.</li>
+        </ul>
+        <H4><A class="mozTocH4" name="mozTocId85311"></A>Release 1.6, Thursday February 4, 2010</H4>
+        <h5>Defects Fixed</h5>
+        <ul>
+            <li>X509DefaultEntryConverter was not recognising telephone number as a PrintableString field. This has been fixed.</li>
+            <li>OpenPGP now supports UTF-8 in file names for literal data.</li>
+        </ul>
+        <h5>Security Advisory</h5>
+        <ul>
+            <li>This version has been specifically reviewed to eliminate possible timing attacks on algorithms such as GCM and CCM mode.</li>
+        </ul>
+        <h5>Additional Features and Functionality</h5>
+        <ul>
+            <li>Support for PSS signatures has been added to CMS.</li>
+            <li>SubjectKeyIdentifier now supports both methods specified in RFC 3280, section 4.2.1.2 for generating the identifier.</li>
+            <li>Performance of GCM mode has been greatly improved (on average 10x).</li>
+            <li>Support for mac lengths of 96, 104, 112, and 120 bits has been added to existing support for 128 bits in GCMBlockCipher.</li>
+            <li>Support for raw signatures has been extended to RSA, RSA-PSS and ECDSA. RSA support can be used in CmsSignedDataStreamGenerator to support signatures without signed attributes.</li>
+            <li>Support for EC MQV has been added to the light weight API and the CMS library.</li>
+        </ul>
+        <h5>Additional Notes</h5>
+        <ul>
+            <li>
+                See list of resolved issues at
+                <a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10100&sorter/field=issuekey&sorter/order=DESC">
+                    Bouncy Castle JIRA C# 1.6
+                </a>
+            </li>
+        </ul>
+        <H4><A class="mozTocH4" name="mozTocId85310"></A>Release 1.5, Tuesday August 18, 2009</H4>
+        <h5>Defects Fixed</h5>
+        <ul>
+            <li>Correct the ASN.1 class for AuthorityInformationAccess.</li>
+            <li>In the Bcpg libs, armored output now inserts the correct version string.</li>
+            <li>EssCertIDv2 encoding now complies with RFC 5035.</li>
+            <li>ECDSA now computes correct signatures for oversized hashes when the order of the base point is not a multiple of 8 in compliance with X9.62-2005.</li>
+            <li>Standard name "DiffieHellman" is now supported in factory classes.</li>
+            <li>Better support for equality tests for '#' encoded entries has been added to X509Name.</li>
+            <li>'=' inside a X509Name was not being properly escaped. This has been fixed.</li>
+            <li>ApplicationSpecific ASN.1 tags are now recognised in BER data. The GetObject() method now handles processing of arbitrary tags.</li>
+            <li>Multiplication by negative powers of two is fixed in BigInteger.</li>
+            <li>Multiple countersignature attributes are now correctly collected.</li>
+            <li>Two bugs in HC-128 and HC-256 related to sign extension and byte swapping have been fixed. The implementations now pass the latest ecrypt vector tests.</li>
+        </ul>
+        <h5>Security Advisory</h5>
+        <ul>
+            <li>The effect of the sign extension bug was to decrease the key space the HC-128 and HC-256 ciphers were operating in and the byte swapping inverted every 32 bits of the generated stream. If you are using either HC-128 or HC-256 you must upgrade to this release.</li>
+        </ul>
+        <h5>Additional Features and Functionality</h5>
+        <ul>
+            <li>PKIX certificate path validation</li>
+            <li>Accept duplicate PKCS#9 FriendlyName attributes in PKCS#12 keystore.</li>
+            <li>Add support for PKCS#5 Scheme 2 keys.</li>
+            <li>Camellia performance improved.</li>
+            <li>A smaller version of Camellia, CamelliaLightEngine has also been added.</li>
+            <li>CmsSignedData generation now supports SubjectKeyIdentifier as well as use of issuer/serial.</li>
+            <li>A CMS PBE key holder for UTF8 keys has been added to the CMS API.</li>
+            <li>Salt and iteration count can now be recovered from PasswordRecipientInformation.</li>
+            <li>Support for reading and extracting personalised certificates in PGP Secret Key rings has been added.</li>
+            <li>Support for EAC algorithms has been added to CMS.</li>
+            <li>Asn1Dump now supports a verbose mode for displaying the contents of octet and bit strings.</li>
+            <li>Support for the SRP-6a protocol has been added.</li>
+        </ul>
+        <h5>Additional Notes</h5>
+        <ul>
+            <li>
+                See also the list of resolved issues at
+                <a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10080&sorter/field=issuekey&sorter/order=DESC">
+                    Bouncy Castle JIRA C# 1.5
+                </a>
+            </li>
+        </ul>
+        <H4><A class="mozTocH4" name="mozTocId85309"></A>Release 1.4, Thursday August 8, 2008</H4>
+        <h5>Defects Fixed</h5>
+        <ul>
+            <li>The GeneralName string constructor now supports IPv4 and IPv6 address parsing.</li>
+            <li>EAX mode was not handling non-zero offsetted data correctly and failing. This has been fixed.</li>
+            <li>EAX mode ciphers were not resetting correctly after a DoFinal/Reset. This has been fixed.</li>
+            <li>Some boolean parameters to IssuingDistributionPoint were being reversed. This has been fixed.</li>
+            <li>A zero length RDN would cause an exception in an X509Name. This has been fixed.</li>
+            <li>Specifying a greater than 32bit length for a stream and relying on the default BcpgOutputStream resulted in corrupted data. This has been fixed.</li>
+            <li>Pkcs7Padding validation would not fail if pad length was 0. This has been fixed.</li>
+            <li>Signature creation time was not being properly initialised in new V4 PGP signature objects although the encoding was correct. This has been fixed.</li>
+            <li>The '+' character can now be escaped or quoted in the constructor for X509Name.</li>
+            <li>IV handling in CMS for SEED and Camellia was incorrect. This has been fixed.</li>
+            <li>ASN.1 stream parser now throws exceptions for unterminated sequences.</li>
+            <li>X509CertificateParser/X509CrlParser now handle multiple certificates/CRLs in streams that don't support seeking.</li>
+            <li>The CertID class used by the TSP library was incomplete. This has been fixed</li>
+            <li>\# is now properly recognised in the X509Name class.</li>
+            <li>BigInteger.ModInverse was failing for negative values. This has been fixed.</li>
+            <li>CMS API now supports RSASSA-PSS signatures with explicit salt length.</li>
+        </ul>
+        <h5>Additional Features and Functionality</h5>
+        <ul>
+            <li>ASN.1 libs now support high tag numbers.</li>
+            <li>Galois/Counter Mode (GCM) has been added.</li>
+            <li>The TSP API now supports parsing and validation of responses with V2 signing certificate entries.</li>
+            <li>Unnecessary local ID attributes on certificates in PKCS12 files are now automatically removed.</li>
+            <li>New Pkcs12StoreBuilder class supports generation of PKCS12 files with both certificates and keys protected by 3DES.</li>
+            <li>Certifications associated with user attributes can now be created, verified and removed in OpenPGP.</li>
+            <li>API support now exists for CMS countersignature reading and production.</li>
+            <li>A new class LazyAsn1InputStream supports lazy evaluation of DER sequences and sets, considerably reducing memory requirements in some scenarios.</li>
+            <li>KeyPurposeId class has been updated for RFC 4945.</li>
+            <li>Initial support has been added for HP_CERTIFICATE_REQUEST in the TLS API.</li>
+            <li>PGP example programs now handle blank names in literal data objects.</li>
+            <li>The ProofOfPossession class now better supports the underlying ASN.1 structure.</li>
+        </ul>
+        <h5>Additional Notes</h5>
+        <ul>
+            <li>
+                Due to problems for some users caused by the presence of the IDEA algorithm, an implementation is no
+                longer included in the default assembly. Only the assembly named BouncyCastle.CryptoExt now includes IDEA.
+            </li>
+            <li>
+                See also the list of resolved issues at
+                <a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10050&sorter/field=issuekey&sorter/order=DESC">
+                    Bouncy Castle JIRA C# 1.4
+                </a>
+            </li>
+        </ul>
+        <H4><A class="mozTocH4" name="mozTocId85308"></A>Release 1.3, Saturday December 8, 2007</H4>
+        <P>
+            ASN.1 stream parsing now handles definite length encodings efficiently.<br />
+            Buffering in the streaming CMS has been reworked. Throughput is now usually higher and the behaviour is more predictable.<br />
+            BcpgInputStream now handles data blocks in the 2**31-&gt;2**32-1 range.<br />
+            Some confusion over the parameters J and L in connection with Diffie-Hellman has been resolved.<br />
+            Added CryptoApiRandomGenerator, a wrapper for RNGCryptoServiceProvider.<br />
+            Added VMPC stream cipher, VMPCMAC and a VMPC-based implementation of IRandomGenerator.<br />
+            Added support in OpenPGP for fetching keyrings by case-insensitive user ID [#BMA-8].<br />
+            Fixed a vulnerability of CMS signatures that do not use signed attributes (Bleichenbacher RSA forgery).<br />
+            Fixed a bug causing second and later encrypted objects to be ignored in KeyBasedFileProcessor example.<br />
+            Fixed case-sensitivity issue with deletion from a PKCS#12 file.<br />
+            Fixed problem overwriting entities in a PKCS#12 file.<br />
+            Fixed PgpUtilities.MakeKeyFromPassPhrase for 8-bit characters [#BMA-13].<br />
+            Fixed duplicate certificate problem in Pkcs12Store.Save [#BMA-12].<br />
+            Fixed NAnt build under Mono [#BMA-10].<br />
+            Fixed BigInteger.ModPow for negative exponents [#BMA-7].<br />
+        </P>
+        <H4><A class="mozTocH4" name="mozTocId85307"></A>Release 1.2, Thursday July 5, 2007</H4>
+        <P>
+            Source now builds on .NET Compact Framework 1.0 (compilation flag NETCF_1_0).<br />
+            Release assembly now signed with a strong name.<br />
+            Added CCM and EAX block cipher modes.<br />
+            Added Noekeon block cipher.<br />
+            Added HC-128, HC-256, and ISAAC stream ciphers.<br />
+            Added RIPEMD160withECDSA signature algorithm.<br />
+            Added support for notation data signature subpackets to OpenPGP.<br />
+            Added support for parsing of experimental signatures to OpenPGP.<br />
+            Added the complete set of SEC-2 EC curves.<br />
+            Added support for implicit tagging to DerApplicationSpecific.<br />
+            Added remaining ASN.1 structures from RFC 3126 to Asn1.Esf namespace.<br />
+            Performance of ECDSA improved.<br />
+            Performance of ASN.1 stream parsing improved.<br />
+            Fixed default private key length for Diffie-Hellman parameters.<br />
+            Fixed DerT61String to correctly support 8-bit characters.<br />
+            Fixed duplicate attribute problem in Pkcs12Store.Save.<br />
+            Fixed a problem writing public keys in OpenPGP [#BMA-5].<br />
+        </P>
+        <H4><A class="mozTocH4" name="mozTocId85306"></A>Release 1.1, Friday May 4, 2007</H4>
+        <P>
+            Added support for writing DSA private keys, and more encodings, in OpenSsl
+            (PemReader/PemWriter).<br />
+            Removed SharpZipLib dependency.<br />
+            Added RSA blinded signature classes.<br />
+            Added Asn1.IsisMtt namespace (ISIS-MTT ASN.1 classes).<br />
+            Added SEED block cipher engine.<br />
+            Added Salsa20 stream cipher engine.<br />
+            Performance optimisations for F2m elliptic curves.<br />
+            Fixed OpenPGP bug decrypting files with multiple types of encryption on the
+            session key.<br />
+        </P>
+        <H4>
+            <A class="mozTocH4" name="mozTocId85305"></A>Release 1.0, Thursday January 18,
+            2007
+        </H4>
+        <P>
+            Implementations of CMS, OCSP, OpenPGP, and TSP.<br />
+            Elliptic Curves (F2m and Fp).<br />
+            A basic TLS client.<br />
+            PEM file reading and writing.<br />
+            Symmetric key algorithms: Camellia, GOST28147, NaccacheStern, and TEA/XTEA.<br />
+            Symmetric key modes: GOFB and OpenPGPCFB.<br />
+            Symmetric key paddings: ISO7816d4.<br />
+            Asymmetric key algorithms: RSA blinding.<br />
+            Digests: GOST3411 and Whirlpool.<br />
+            Macs: GOST28147 and ISO9797 Alg 3.<br />
+            Signer mechanisms: ECDSA, ECGOST3410, and GOST3410.<br />
+            ...and many more features, bug fixes, and performance improvements.<br />
+        </P>
+        <H4><A class="mozTocH4" name="mozTocId85304"></A>Tuesday Febuary 1, 2005</H4>
+        <P>
+            This is the second beta release of the Bouncy Castle API C# implementation.<br />
+            Reliability improvement to ASN1InputStream.<br />
+            The OID entries in SignerUtilities for RSA signature algorithms for SHA-256,<br />
+            SHA-384, and SHA-512 were pointing creating the wrong signature objects.
+        </P>
+        <h4><a class="mozTocH4" name="mozTocId498363"></a>Sunday December 12, 2004</h4>
+        This is the first beta release of the Bouncy Castle Cryptographic API C#
+        implementation.<br />
+        The Legion of the Bouncy Castle would like to extend their thanks to all those
+        who contributed to this API during the alpha stages of its development.<br />
+        Keep up the good work folks.<br />
+        Please send any questions or bug reports to <a href="mailto:%5Cdev-crypto-csharp@bouncycastle.org">
+            dev-crypto-csharp@bouncycastle.org
+        </a><br />
+        <br />
+        <hr style="WIDTH: 100%; HEIGHT: 2px">
+        <h3>
+            <a class="mozTocH3" name="mozTocId948186"></a>Trademarks.<br />
+        </h3>
+        C#, .NET, and MSDN are Registered Trademarks of Microsoft. <a href="http://www.microsoft.com">
+            Microsoft.com
+        </a><br />
+        Java is a Registered Trademark of Sun Microsystems. <a href="http://www.sun.com">
+            Sun
+            Microsystems
+        </a><br />
+        <br />
+        <br />
+        <div style="TEXT-ALIGN: center">
+            © 2007 Legion of the Bouncy Castle<br />
+        </div>
+    </body>
 </html>