path: root/crypto/Readme.html
blob: ee726b5a4719faaad9effb62011cc49406dab8e7
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
	<head>
		<title>Notes</title>
		<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">
	</head>
    <body>
        <h2><a class="mozTocH2" name="mozTocId533031"></a>The Bouncy Castle C# Cryptographic API</h2>
        <h3><a class="mozTocH3" name="mozTocId685176"></a>Contents:<br /></h3>
        <ol id="mozToc">
            <!--mozToc h1 1 h2 2 h3 3 h4 4 h5 5 h6 6-->
            <li>
                <a href="#mozTocId533031">The Bouncy Castle Cryptographic C# API</a>
                <ol>
                    <li>
                        <ol>
                            <li>
                                <a href="#mozTocId685176">Contents: </a>
                            <li>
                                <a href="#mozTocId66345">License &amp; Contributors:</a>
                            <li>
                                <a href="#mozTocId575388">Features:</a>
                            <li>
                                <a href="#mozTocId211208">How To Build.</a>
                            <li>
                                <a href="#mozTocId245743">The Source:</a>
                            <li>
                                <a href="#mozTocId326820">Documentation:</a>
                            <li>
                                <a href="#mozTocId358608">For first time users.</a>
                            <li>
                                <a href="#mozTocId3413">Notes:</a>
                                <ol>
                                    <li>
                                        <a href="#mozTocId85331">Release 2.3.0</a>
                                    <li>
                                        <a href="#mozTocId85330">Release 2.2.1</a>
                                    <li>
                                        <a href="#mozTocId85329">Release 2.2.0</a>
                                    <li>
                                        <a href="#mozTocId85328">Release 2.1.1</a>
                                    <li>
                                        <a href="#mozTocId85327">Release 2.1.0</a>
                                    <li>
                                        <a href="#mozTocId85326">Release 2.0.0</a>
                                    <li>
                                        <a href="#mozTocId85325">Release 1.9.0</a>
                                    <li>
                                        <a href="#mozTocId85324">Release 1.8.10</a>
                                    <li>
                                        <a href="#mozTocId85323">Release 1.8.9</a>
                                    <li>
                                        <a href="#mozTocId85322">Release 1.8.8</a>
                                    <li>
                                        <a href="#mozTocId85321">Release 1.8.7</a>
                                    <li>
                                        <a href="#mozTocId85320">Release 1.8.6</a>
                                    <li>
                                        <a href="#mozTocId85319">Release 1.8.5</a>
                                    <li>
                                        <a href="#mozTocId85318">Release 1.8.4</a>
                                    <li>
                                        <a href="#mozTocId85317">Release 1.8.3</a>
                                    <li>
                                        <a href="#mozTocId85316">Release 1.8.2</a>
                                    <li>
                                        <a href="#mozTocId85315">Release 1.8.1</a>
                                    <li>
                                        <a href="#mozTocId85314">Release 1.8.0</a>
                                    <li>
                                        <a href="#mozTocId85313">Release 1.7</a>
                                    <li>
                                        <a href="#mozTocId85312">Release 1.6.1</a>
                                    <li>
                                        <a href="#mozTocId85311">Release 1.6</a>
                                    <li>
                                        <a href="#mozTocId85310">Release 1.5</a>
                                    <li>
                                        <a href="#mozTocId85309">Release 1.4</a>
                                    <li>
                                        <a href="#mozTocId85308">Release 1.3</a>
                                    <li>
                                        <a href="#mozTocId85307">Release 1.2</a>
                                    <li>
                                        <a href="#mozTocId85306">Release 1.1</a>
                                    <li>
                                        <a href="#mozTocId85305">Release 1.0</a>
                                    <li>
                                        <a href="#mozTocId85304">Tuesday February 1, 2005</a>
                                    <li>
                                        <a href="#mozTocId498363">Sunday December 12, 2004</a>
                                    </li>
                                </ol>
                            <li>
                                <a href="#mozTocId948186">Trademarks. </a>
                            </li>
                        </ol>
                    </li>
                </ol>
            </li>
        </ol>
        <br />
        <hr style="WIDTH: 100%; HEIGHT: 2px">
        <h3><a class="mozTocH3" name="mozTocId66345"></a>License &amp; Contributors:</h3>
        See <a href="License.html">License</a> &amp; <a href="Contributors.html">Contributors</a>
        files.<br />
        &nbsp;<br />
        <hr style="WIDTH: 100%; HEIGHT: 2px">
        <h3><a class="mozTocH3" name="mozTocId66345"></a>Patents:</h3>
        <p>
            Some of the algorithms in the Bouncy Castle APIs are patented in some places. It is up to the user of the library to be aware
            of their own legal situation, however we have been asked to specifically mention the patents below, in the following terms,
            at the request of the patent holder.
        </p>
        <p>
            The BC distribution contains implementations of EC MQV as described in RFC 5753, "Use of ECC Algorithms in CMS". In line with the conditions in:
        </p><p>
            <a href="http://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf">http://www.ietf.org/ietf-ftp/IPR/certicom-ipr-rfc-5753.pdf</a>
        </p><p>
            We state, where EC MQV has not otherwise been disabled or removed:
            "The use of this product or service is subject to the reasonable, non-discriminatory terms in the Intellectual Property Rights (IPR) Disclosures of Certicom Corp. at the IETF for Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) implemented in the product or service."
        </p>
        &nbsp;<br />
        <hr style="WIDTH: 100%; HEIGHT: 2px">
        <br />
        <h3><a class="mozTocH3" name="mozTocId575388"></a>Features:</h3>
        <ul>
            <li>
                Generation and parsing of PKCS-12 files.
            </li>
            <li>
                X.509: Generators and parsers for V1 and V3 certificates, V2 CRLs and attribute
                certificates.
            </li>
            <li>
                PBE algorithms supported by PbeUtilities: PBEwithMD2andDES-CBC,
                PBEwithMD2andRC2-CBC, PBEwithMD5andDES-CBC, PBEwithMD5andRC2-CBC,
                PBEwithSHA1andDES-CBC, PBEwithSHA1andRC2-CBC, PBEwithSHA-1and128bitRC4,
                PBEwithSHA-1and40bitRC4, PBEwithSHA-1and3-keyDESEDE-CBC,
                PBEwithSHA-1and2-keyDESEDE-CBC, PBEwithSHA-1and128bitRC2-CBC,
                PBEwithSHA-1and40bitRC2-CBC, PBEwithHmacSHA-1, PBEwithHmacSHA-224,
                PBEwithHmacSHA-256, PBEwithHmacRIPEMD128, PBEwithHmacRIPEMD160, and
                PBEwithHmacRIPEMD256.
            </li>
            <li>
                Signature algorithms supported by SignerUtilities: MD2withRSA, MD4withRSA,
                MD5withRSA, RIPEMD128withRSA, RIPEMD160withECDSA, RIPEMD160withRSA,
                RIPEMD256withRSA, SHA-1withRSA, SHA-224withRSA, SHA-256withRSAandMGF1,
                SHA-384withRSAandMGF1, SHA-512withRSAandMGF1, SHA-1withDSA, and SHA-1withECDSA.
            </li>
            <li>
                Symmetric key algorithms: AES, Blowfish, Camellia, CAST5, CAST6, ChaCha, DES, DESede,
                GOST28147, HC-128, HC-256, IDEA, ISAAC, Noekeon, RC2, RC4, RC5-32, RC5-64, RC6, Rijndael,
                Salsa20, SEED, Serpent, Skipjack, SM4, TEA/XTEA, Threefish, Tnepres, Twofish, VMPC and XSalsa20.
            </li>
            <li>
                Symmetric key modes: CBC, CFB, CTS, GOFB, OFB, OpenPGPCFB, and SIC (or CTR).
            </li>
            <li>
                Symmetric key paddings: ISO10126d2, ISO7816d4, PKCS-5/7, TBC, X.923, and Zero
                Byte.
            </li>
            <li>
                Asymmetric key algorithms: ElGamal, DSA, ECDSA, NaccacheStern and RSA (with blinding).
            </li>
            <li>
                Asymmetric key paddings/encodings: ISO9796d1, OAEP, and PKCS-1.
            </li>
            <li>
                AEAD block cipher modes: CCM, EAX, GCM and OCB.
            </li>
            <li>
                Digests: GOST3411, Keccak, MD2, MD4, MD5, RIPEMD128, RIPEMD160, RIPEMD256, RIPEMD320,
                SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3, SM3, Tiger, and Whirlpool.
            </li>
            <li>
                XOFs: SHAKE.
            </li>
            <li>
                Signer mechanisms: DSA, ECDSA, ECGOST3410, ECNR, Ed25519, Ed448, GOST3410, ISO9796d2, PSS, RSA, X9.31-1998.
            </li>
            <li>
                Key Agreement: Diffie-Hellman, EC-DH, EC-MQV, J-PAKE, SRP-6a, X25519, X448.
            </li>
            <li>
                Macs: CBCBlockCipher, CFBBlockCipher, CMAC, GMAC, GOST28147, HMac, ISO9797 Alg. 3, Poly1305, SipHash, SkeinMac, VMPCMAC.
            </li>
            <li>
                PBE generators: PKCS-12, and PKCS-5 - schemes 1 and 2.
            </li>
            <li>
                OpenPGP (RFC 4880)
            </li>
            <li>
                Cryptographic Message Syntax (CMS, RFC 3852), including streaming API.
            </li>
            <li>
                Online Certificate Status Protocol (OCSP, RFC 2560).
            </li>
            <li>
                Time Stamp Protocol (TSP, RFC 3161).
            </li>
            <li>
                TLS/DTLS client/server up to version 1.2, with support for the most common ciphersuites and extensions,
                and many less common ones. Non-blocking API available.
            </li>
            <li>
                Elliptic Curve Cryptography: support for generic F2m and Fp curves, high-performance custom implementations
                for many standardized curves.
            </li>
            <li>
                Reading/writing of PEM files, including RSA and DSA keys, with a variety of
                encryptions.
            </li>
            <li>PKIX certificate path validation</li>
        </ul>
        <br />
        <p>
            <b>Porting notes from the old ASN.1 library</b> For the most part, code using the
            old subset of ASN.1 classes should be easy to transfer, provided the following
            changes are made:
        </p>
        <ul>
            <li>
                DERObject becomes Asn1Object
            </li>
            <li>
                DEREncodable becomes Asn1Encodable
            </li>
            <li>
                GetDERObject() becomes ToAsn1Object()
            </li>
            <li>
                BERConstructedOctetString becomes BerOctetString
            </li>
            <li>
                If you were using the older mutable DERConstructedSequence/Set and
                BERConstructedSequence, use an Asn1EncodableVector in conjunction with
                DerSequence/Set and BerSequence
            </li>
            <li>
                BERInputStream and DERInputStream are replaced with Asn1InputStream
            </li>
            <li>
                AsymmetricKeyParameter is now in the Org.Bouncycastle.Crypto namespace
            </li>
        </ul>
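        <p>
            An added example (not from this README or the library's own code) that uses the post-port names above to
            build, encode and parse a small SEQUENCE; the record layout itself is made up for illustration, while every
            class and method used is the real Org.BouncyCastle.Asn1 API:
        </p>

```csharp
using System;
using System.Text;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Utilities.Encoders;

// Added example, not code from the Bouncy Castle distribution. The record
// layout is constructed for illustration:
//
//   ExampleRecord ::= SEQUENCE {
//       version  INTEGER,
//       label    UTF8String,
//       payload  OCTET STRING }
public static class Asn1PortingExample
{
    // Old: DERConstructedSequence.AddObject(...)  ->  New: Asn1EncodableVector + DerSequence.
    public static byte[] Encode(int version, string label, byte[] payload)
    {
        Asn1EncodableVector v = new Asn1EncodableVector();
        v.Add(new DerInteger(version));
        v.Add(new DerUtf8String(label));
        v.Add(new DerOctetString(payload));

        Asn1Object record = new DerSequence(v);       // formerly a DERObject
        return record.GetEncoded(Asn1Encodable.Der);  // canonical DER bytes
    }

    // Old: new DERInputStream(s).ReadObject() / BERInputStream  ->  New: Asn1InputStream reads both.
    public static (int Version, string Label, byte[] Payload) Decode(byte[] encoded)
    {
        Asn1Object obj;
        using (Asn1InputStream ain = new Asn1InputStream(encoded))
        {
            obj = ain.ReadObject();
        }

        // GetInstance throws on a wrong tag, so corrupt or hostile input is rejected
        // here rather than surfacing as a cast failure deeper in the caller.
        Asn1Sequence seq = Asn1Sequence.GetInstance(obj);
        if (seq.Count != 3)
            throw new ArgumentException("ExampleRecord must contain exactly 3 elements");

        int version = DerInteger.GetInstance(seq[0]).Value.IntValue;
        string label = DerUtf8String.GetInstance(seq[1]).GetString();
        byte[] payload = Asn1OctetString.GetInstance(seq[2]).GetOctets();
        return (version, label, payload);
    }

    public static void Main()
    {
        byte[] der = Encode(1, "demo", Encoding.ASCII.GetBytes("hello"));
        Console.WriteLine("DER: " + Hex.ToHexString(der));

        var rec = Decode(der);
        Console.WriteLine($"version={rec.Version} label={rec.Label} payload={Encoding.ASCII.GetString(rec.Payload)}");

        // The same elements wrapped in an indefinite-length BerSequence are read by the
        // same Asn1InputStream; there is no separate BER reader any more.
        Asn1EncodableVector v = new Asn1EncodableVector(
            new DerInteger(1), new DerUtf8String("demo"), new DerOctetString(Encoding.ASCII.GetBytes("hello")));
        byte[] ber = new BerSequence(v).GetEncoded(Asn1Encodable.Ber);
        Console.WriteLine("BER parses to the same record: " + (Decode(ber).Label == "demo"));
    }
}
```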
        <br />
        <hr style="WIDTH: 100%; HEIGHT: 2px">
        <h3><a class="mozTocH3" name="mozTocId211208"></a>How To Build.</h3>
        <p>
            (NOTE: This build system is essentially obsolete and will be withdrawn after the 1.8 series. We have
            introduced MSBuild project files which will probably be a preferred option if you want to build yourself.)
        </p>
        <p>
            The BC C# API uses NAnt (<a href="http://nant.sourceforge.net/">http://nant.sourceforge.net</a>)
            to provide a platform independent build environment (suggested version NAnt 0.90).
            There is also a solution file for Visual Studio, and for MonoDevelop. The API works
            with .NET Framework 1.1 and above. It has been successfully built and tested with Mono
            versions from 1.1.13 onwards. The source code can be built for .NET Compact Framework 1.0
            by setting the compilation flag NETCF_1_0, or .NET Compact Framework 2.0 by setting NETCF_2_0,
            or Silverlight 2 by setting SILVERLIGHT.
        </p>
        Using a command prompt (DOS window), cd into the 'crypto' folder of this
        distribution.<br />
        <br />
        <span style="FONT-WEIGHT: bold">Use,</span><br />
        <ul>
            <li>
                '<span style="FONT-WEIGHT: bold">nant</span>' without arguments to compile
                debug code, the tests and run the tests.
            </li>
            <li>
                '<span style="FONT-WEIGHT: bold">nant compile-release</span>' to compile
                release code.
            </li>
            <li>
                '<span style="FONT-WEIGHT: bold">nant compile-debug</span>' to compile
                debug code.
            </li>
            <li>
                '<SPAN style="FONT-WEIGHT: bold">nant test</SPAN>' to run the included unit
                tests (using NUnit; you may need to edit the build file to set the location
                where NUnit is installed).
            </li>
        </ul>
        <p>
            <span style="FONT-WEIGHT: bold">Output:</span><br />
            <br />
            &nbsp;&nbsp;&nbsp; The compiled API can be found in the 'api/bin/release' &amp;
            'api/bin/debug' directories.<br />
            &nbsp;&nbsp;&nbsp; The compiled tests can be found in the 'test/bin' directory
            (by default a debug build is used for testing).<br />
        </p>
        <hr style="WIDTH: 100%; HEIGHT: 2px">
        <h3><a class="mozTocH3" name="mozTocId245743"></a><span style="FONT-WEIGHT: bold">The Source:</span></h3>
        The main source code can be found in the 'src' directory.<br />
        <br />
        <hr style="WIDTH: 100%; HEIGHT: 2px">
        <h3><a class="mozTocH3" name="mozTocId326820"></a><span style="FONT-WEIGHT: bold"></span>Documentation:</h3>
        <p>
            There is limited documentation available at the moment. Some of the source contains XML comments,
            but this is a work in progress. We welcome contributions of documentation, which often requires only
            formatting changes from the corresponding javadoc in the Java API.
        </p>
        <hr style="WIDTH: 100%; HEIGHT: 2px">
        <h3><a class="mozTocH3" name="mozTocId358608"></a>For first time users.</h3>
        &nbsp;<span style="FONT-WEIGHT: bold">Java heritage,</span><br />
        <br />
        The Bouncy Castle C# API is a port of the Bouncy Castle Java APIs.
        Approximately 80% of the functionality in the Java build has now been ported.
        For the most part, the naming conventions of the .NET platform have been
        adopted. The C# API is constantly kept up to date with bug fixes and new test
        cases from the Java build (and sometimes vice versa), thus benefiting from the
        large user base and real-world use the Java version has seen.<br />
        <br />
        <span style="FONT-WEIGHT: bold">Please consider.</span><br />
        <br />
        The Bouncy Castle C# API is a library of transformations that when combined properly will enable
        developers to create standard conforming cryptographic systems. In order to use this API you must have
        some knowledge of how to build cryptographic systems, namely what transformations to use and the when,
        where and why of their use. Developing good cryptographic systems takes practice and understanding.<br />
        <br />
        There are many resources available online and in book shops; please use those to your advantage.<br />
        <br />
        <hr style="WIDTH: 100%; HEIGHT: 2px">
        <h3><a class="mozTocH3" name="mozTocId3413"></a>Notes:</h3>

        <h4><a class="mozTocH4" name="mozTocId85331"></a>Release 2.3.0, Monday February 5, 2024</h4>
        <h5>Defects Fixed</h5>
        <ul>
            <li>AsconEngine: Fixed a buffering bug when decrypting across multiple ProcessBytes calls (ascon128a unaffected).</li>
            <li>DTLS: Fixed an exception during server handshake when 1.2 is negotiated and the ClientHello contained no extensions.</li>
            <li>HC128Engine now strictly requires 128 bits of IV.</li>
            <li>DTLS: Fixed server support for client_certificate_type extension.</li>
            <li>DTLS: Fixed retransmission in response to re-receipt of an aggregated ChangeCipherSpec.</li>
            <li>SM2Signer: Fixed to support reuse (i.e. auto-reset after GenerateSignature or VerifySignature).</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>DTLS: Significantly improved performance of DtlsVerifier.</li>
            <li>Added Rfc5649WrapEngine.</li>
            <li>
                ASN.1: Added support for "DL" encoding (Asn1Encodable.DL), which is like BER except that encodings always use
                the definite-length form.
            </li>
            <li>Added support for PBE SHA-384 and SHA-512 HMAC algorithms, e.g. in Pkcs12Store.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85330"></a>Release 2.2.1, Friday April 21, 2023</h4>
        <h5>Defects Fixed</h5>
        <ul>
            <li>Due to a defect in the build process, the 2.2.0 release assembly was not optimized. This has been rectified.</li>
            <li>Fixed a regression in GcmBlockCipher that reduced the output limit to ~2^31 blocks instead of ~2^32 (net60 unaffected).</li>
            <li>Fixed incomplete DTLS 1.2 Connection ID support for the case of a block cipher being negotiated with the encrypt_then_mac extension (net60 unaffected).</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85329"></a>Release 2.2.0, Monday April 17, 2023</h4>
        <h5>Defects Fixed</h5>
        <ul>
            <li>Fixed non-8-aligned IPv4 netmask parsing.</li>
            <li>Fixed the ParallelHash copy constructor.</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>Fixed rethrow syntax across the project, which should give more informative stack traces where relevant.</li>
            <li>Added support for generating/validating alternative signatures for certificates and CRLs.</li>
            <li>RFC 9146: Added support for connection ID to DTLS.</li>
            <li>Initial DTLS handshake resend time is now configurable.</li>
            <li>Added utilities to support generation and parsing of OpenSSH public and private key formats.</li>
            <li>The assemblies within the NuGet package are now also codesigned.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85328"></a>Release 2.1.1, Saturday February 18, 2023</h4>
        <p>
            This is a hotfix release to fix the missing symbols for the 2.1.0 release.
            We have now added a snupkg with symbols, enabled SourceLink, and made the build deterministic.
            There was no change to functionality.
        </p>

        <h4><a class="mozTocH4" name="mozTocId85327"></a>Release 2.1.0, Saturday February 18, 2023</h4>
        <h5>Defects Fixed</h5>
        <ul>
            <li>Fixed a rounding issue with FF1 Format Preserving Encryption algorithm for certain radices.</li>
            <li>Fixed RFC3394WrapEngine handling of 64 bit keys.</li>
            <li>PkixCertPathValidator: fixed fetching of DateOfCertGen extension.</li>
            <li>
                PkixCertPathValidator: correctly remove ExtendedKeyUsage from critical extensions
                (https://github.com/bcgit/bc-csharp/issues/395).
            </li>
            <li>PkixNameConstraintValidator: fixed special handling of 'serialNumber' in RDNs.</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>The BIKE implementation has been updated according to the NIST PQC Round 4 modifications.</li>
            <li>The HQC implementation has been updated according to the NIST PQC Round 4 modifications.</li>
            <li>
                EdDSA verification now conforms to the recommendations of
                <a href="https://ia.cr/2020/1244">Taming the many EdDSAs</a>, in particular cofactored verification.
                As a side benefit, <a href="https://ia.cr/2020/454">Pornin's basis reduction</a> is now used for EdDSA
                verification, giving a significant performance boost.
            </li>
            <li>Major performance improvements for Anomalous Binary (Koblitz) Curves.</li>
            <li>Added implementations of <a href="https://ascon.iaik.tugraz.at/">Ascon</a> AEAD, Hash and XOF algorithms.</li>
            <li>Added AriaWrapEngine, an implementation of RFC 3394 wrapping for the ARIA cipher.</li>
            <li>
                User customization of the GCM multiplier has been obsoleted. We recommend no longer supplying a custom
                multiplier to GcmBlockCipher.
            </li>
            <li>
                Several large properties files used by the PQC algorithms have been compressed in order to reduce the
                size of the assembly.
            </li>
            <li>Debug symbols have been extracted to a separate snupkg package.</li>
            <li>Major performance improvements for GCM bulk processing when Pclmulqdq and Ssse3 intrinsics are available.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85326"></a>Release 2.0.0, Tuesday November 15, 2022</h4>
        <p>
            With this release we have finally moved to building for modern .NET versions (directly targeted frameworks:
            net461, netstandard2.0, net6.0), and distributing using NuGet (package name BouncyCastle.Cryptography).
            We have also adopted <a href="https://semver.org/">Semantic Versioning 2.0.0</a> for package versioning.
        </p>
        <p>
            There are backward compatibility breaks with this release, but they are minor, and the overall process of
            migrating from either Release 1.9.0 or
            <a href="https://www.nuget.org/packages/Portable.BouncyCastle">Portable.BouncyCastle</a> should be smooth
            for most users. The legacy TLS implementation (Org.BouncyCastle.Crypto.Tls) has been removed and users
            should migrate to the new implementation (Org.BouncyCastle.Tls).
        </p>
        <h5>Dedication</h5>
        <p>
            This release is dedicated to <a href="https://github.com/clairernovotny">Claire Novotny</a>, who has been
            keeping the project alive for the past several years in the form of the
            <a href="https://www.nuget.org/packages/Portable.BouncyCastle">Portable.BouncyCastle</a> NuGet package.
        </p>
        <h5>IMPORTANT</h5>
        <ul>
            <li>This release uses a new strong name, different from that of earlier versions (and of other NuGet packages derived from them).</li>
            <li>This release is now signed by "Legion of the Bouncy Castle Inc.".</li>
        </ul>
        <h5>Defects Fixed</h5>
        <ul>
            <li>Fixed TLS 1.3 Export Keying Material (https://github.com/bcgit/bc-java/issues/1133).</li>
            <li>BasicOcspResponseGenerator now allows nullable 'nextUpdate' (https://github.com/bcgit/bc-csharp/issues/371).</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>
                When using the net6.0 version, several algorithms have been accelerated using intrinsics, most notably
                AES, ChaCha, Haraka, and GCM. So far this is limited to X86; Arm code will follow in future versions.
                The current usages are opportunistic, i.e. constrained by the existing public API in what they can achieve.
                Use Org.BouncyCastle.Crypto.AesUtilities.CreateEngine() (instead of new AesEngine) to get an accelerated
                AES engine if available.
            </li>
            <li>
                Added implementations of the following NIST Post-Quantum Cryptography Standardization algorithms:
                CRYSTALS-Dilithium, CRYSTALS-Kyber, Falcon, SPHINCS+, Classic McEliece, FrodoKEM, NTRU, NTRU Prime,
                Picnic, Saber, BIKE, and SIKE. These should all be considered EXPERIMENTAL and subject to change or
                removal. SIKE in particular is already slated for removal and should be used for research purposes only.
            </li>
            <li>
                Many APIs have now added variants of existing methods to enable use of
                <a href="https://learn.microsoft.com/en-us/dotnet/api/system.span-1">Span</a> (only available in the
                net6.0 version).
            </li>
            <li>The library has been converted to use generic collections throughout.</li>
            <li>
                (D)TLS: By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported
                if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3.
            </li>
            <li>(D)TLS: RFC 9266 'tls-exporter' channel binding.</li>
            <li>(D)TLS: RFC 7250 Raw Public Keys.</li>
            <li>Added ASN.1 support for the Relative Object Identifier type.</li>
            <li>Support additional input in deterministic (EC)DSA.</li>
            <li>BigInteger can now export directly to uint[] in either big- or little-endian formats.</li>
            <li>Added basic support for JKS keystores.</li>
            <li>Added support for the Blake2xs and Blake3 digests.</li>
            <li>OpenPGP: added support for XDH, EdDSA (https://github.com/bcgit/bc-csharp/issues/345).</li>
        </ul>
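        <p>
            As an added example (not code from the Bouncy Castle project), AES-GCM built on the engine returned by
            AesUtilities.CreateEngine(), with a tamper check; the AcceleratedAesGcm class, its helper methods and the
            sample key, nonce, associated data and message are constructed for this illustration:
        </p>

```csharp
using System;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;

// Illustrative class, not part of the library.
public static class AcceleratedAesGcm
{
    private const int TagBits = 128;   // full 16-byte GCM tag
    private const int NonceBytes = 12; // the GCM nonce size that avoids GHASH-based nonce processing

    // AesUtilities.CreateEngine() returns the intrinsics-backed AES engine where the platform supports it
    // (net6.0 on x86 at the time of this release) and an ordinary software AesEngine otherwise, so the
    // calling code is the same either way.
    private static GcmBlockCipher NewGcm() => new GcmBlockCipher(AesUtilities.CreateEngine());

    public static byte[] Encrypt(byte[] key, byte[] nonce, byte[] aad, byte[] plaintext)
    {
        GcmBlockCipher gcm = NewGcm();
        gcm.Init(true, new AeadParameters(new KeyParameter(key), TagBits, nonce, aad));
        byte[] output = new byte[gcm.GetOutputSize(plaintext.Length)]; // ciphertext || tag
        int len = gcm.ProcessBytes(plaintext, 0, plaintext.Length, output, 0);
        gcm.DoFinal(output, len);
        return output;
    }

    // Returns null when the tag does not verify; nothing about a tampered message is released.
    public static byte[] Decrypt(byte[] key, byte[] nonce, byte[] aad, byte[] ciphertext)
    {
        GcmBlockCipher gcm = NewGcm();
        gcm.Init(false, new AeadParameters(new KeyParameter(key), TagBits, nonce, aad));
        byte[] output = new byte[gcm.GetOutputSize(ciphertext.Length)];
        try
        {
            int len = gcm.ProcessBytes(ciphertext, 0, ciphertext.Length, output, 0);
            gcm.DoFinal(output, len);
            return output;
        }
        catch (InvalidCipherTextException)
        {
            return null;
        }
    }

    public static void Main()
    {
        var rng = new SecureRandom();
        byte[] key = new byte[32]; // AES-256, generated fresh for this run
        rng.NextBytes(key);
        byte[] nonce = new byte[NonceBytes]; // must never repeat under the same key
        rng.NextBytes(nonce);
        byte[] aad = Encoding.UTF8.GetBytes("header-v1"); // constructed sample associated data
        byte[] msg = Encoding.UTF8.GetBytes("accelerated if available, identical output either way");

        byte[] sealedBox = Encrypt(key, nonce, aad, msg);
        byte[] opened = Decrypt(key, nonce, aad, sealedBox);
        Console.WriteLine(Arrays.AreEqual(msg, opened) ? "round trip ok" : "round trip FAILED");

        // Flip one ciphertext bit: authentication must fail regardless of which AES engine was used.
        sealedBox[0] ^= 0x01;
        Console.WriteLine(Decrypt(key, nonce, aad, sealedBox) == null ? "tamper detected" : "tamper MISSED");
    }
}
```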
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85325"></a>Release 1.9.0, Sunday October 17, 2021</h4>

        <h5>Defects Fixed</h5>
        <ul>
            <li>Key sizes are now checked strictly in TwofishEngine.</li>
            <li>Fixed bzip2 compression of empty contents.</li>
            <li>Handle CRL with no NextUpdate properly during CertPath validation.</li>
            <li>Skip marker packets when reading various PGP data.</li>
            <li>Ignore PGP signatures with invalid version.</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>
                A new TLS API (Org.BouncyCastle.Tls) now replaces the old one (Org.BouncyCastle.Crypto.Tls), which
                should be considered obsolete. The new API includes support for TLS 1.3.
            </li>
            <li>Added support for Format Preserving Encryption.</li>
            <li>Added support for ParallelHash and TupleHash.</li>
            <li>Added support for the ARIA cipher.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85324"></a>Release 1.8.10, Tuesday February 16, 2021</h4>

        <h5>Defects Fixed</h5>
        <ul>
            <li>Fixed CMS signature verification for RSASSA-PSS when signed attributes are not present.</li>
            <li>The output size for SHAKE128 (SHAKE256) when used as a fixed-length digest is now 256 (512) bits (also applies to cSHAKE).</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85323"></a>Release 1.8.9, Tuesday December 8, 2020</h4>

        <h5>Defects Fixed</h5>
        <ul>
            <li>The TimeStampToken generator is now using PkcsObjectIdentifiers.IdAASigningCertificateV2 for the generating SigningCertificateV2.</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>Added cSHAKE digest and KMAC.</li>
            <li>Added support for PKCS#5 Scheme 2 to Pkcs12Store.</li>
            <li>Improved performance for GCM.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85322"></a>Release 1.8.8, Monday September 21, 2020</h4>

        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>Updated TimeStampTokenGenerator from bc-java.</li>
            <li>Improved performance for constant-time modular inversion ("safegcd").</li>
            <li>Improved performance for binary EC fields.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85321"></a>Release 1.8.7, Thursday July 30, 2020</h4>

        <h5>Defects Fixed</h5>
        <ul>
            <li>ChaCha20Poly1305 could fail for large (&gt;~2GB) files. This has been fixed.</li>
            <li>EdDSA verifiers now reset correctly after rejecting overly long signatures.</li>
            <li>DTLS: Fixed infinite loop on IO exceptions.</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>DTLS: Retransmission timers now properly apply to flights monolithically.</li>
            <li>DTLS: Added support for an overall handshake timeout.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85320"></a>Release 1.8.6, Friday February 21, 2020</h4>

        <h5>Defects Fixed</h5>
        <ul>
            <li>EdDSA verifiers now reject overly long signatures.</li>
            <li>Fixed field reduction for custom secp128r1 curve.</li>
            <li>ASN.1: Enforce no leading zeroes in OID branches (longer than 1 character).</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>TLS: BasicTlsPskIdentity now reusable (returns cloned array from GetPsk).</li>
            <li>Improved performance for multiple ECDSA verifications using same public key.</li>
            <li>Support has been added for ChaCha20-Poly1305 AEAD mode from RFC 7539.</li>
            <li>PKCS12: Improved support for certificate-only key stores without password.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85319"></a>Release 1.8.5, Thursday January 31, 2019</h4>

        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>Support added for encoding and decoding of GOST3410-2012 keys.</li>
            <li>Basic support added for CMP (RFC 4210) and CRMF (RFC 4211), including the PKI archive control.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85318"></a>Release 1.8.4, Saturday October 27, 2018</h4>

        <h5>IMPORTANT</h5>
        <ul>
            <li>
                This is the final feature release with support for legacy .NET platforms. From 1.9.0 we will be targeting more
                modern .NET frameworks (see https://github.com/bcgit/bc-csharp/pull/68) and updating our build and packaging systems.
                The 1.8.x series will continue to receive bug fixes, but limited new functionality.
            </li>
        </ul>
        <h5>Defects Fixed</h5>
        <ul>
            <li>Rfc3211WrapEngine would not properly handle messages longer than 127 bytes. This has been fixed.</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>Restrictions on the output sizes of the Blake2b/s digests have been removed.</li>
            <li>RFC 7748: Higher-level support for X25519 and X448 has been added.</li>
            <li>RFC 8032: Higher-level support for Ed25519 and Ed448 has been added.</li>
            <li>Implementation of the SM4 block cipher has been added.</li>
            <li>Added support for Plain ECDSA (a.k.a. CVC-ECDSA).</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85317"></a>Release 1.8.3, Saturday August 11, 2018</h4>

        <h5>IMPORTANT</h5>
        <ul>
            <li>
                In this release, the TLS library has moved to a whitelisting approach for client-side validation of server-presented
                Diffie-Hellman (DH) parameters. In the default configuration, if a ciphersuite using ephemeral DH is selected by the
                server, the client will abort the handshake if the proposed DH group is not one of those specified in RFC 3526 or RFC 7919,
                or if the DH prime is &lt; 2048 bits. The client therefore no longer offers DH ciphersuites by default. See also the paper
                <a href="https://eprint.iacr.org/2018/749">"Prime and Prejudice: Primality Testing Under Adversarial Conditions"</a>.
            </li>
        </ul>

        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>Further work has been done on improving SHA-3 performance.</li>
            <li>EC key generation and signing now use cache-timing resistant table lookups.</li>
            <li>RFC 7748: Added low-level implementations of X25519 and X448.</li>
            <li>RFC 8032: Added low-level implementations of Ed25519 and Ed448.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85316"></a>Release 1.8.2, Monday April 9, 2018</h4>

        <h5>Security Advisory</h5>
        <ul>
            <li>
                Carry propagation bugs in the implementation of squaring for several raw math classes have been fixed (Org.BouncyCastle.Math.Raw.Nat???).
                These classes are used by our custom elliptic curve implementations (Org.BouncyCastle.Math.Ec.Custom.**), so there was the possibility
                of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with
                high probability by the output validation for our scalar multipliers. We consider these bugs to be exploitable for static ECDH with
                long-term keys, per <a href="https://eprint.iacr.org/2011/633">
                    "Practical realisation and elimination of an ECC-related software bug attack",
                    Brumley et al.
                </a>
            </li>
        </ul>

        <h5>IMPORTANT</h5>
        <ul>
            <li>
                This release brings our Poly1305 implementation into line with RFC 7539, which breaks backward compatibility. The essential
                difference from 1.8.1 is that the two halves of the 32-byte Poly1305 key have swapped places. If you have persisted Poly1305
                keys, or are interoperating with other Poly1305 implementations, you may need to account for this change when migrating to 1.8.2.
            </li>
        </ul>
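        <p>
            As an added example (not code from the Bouncy Castle project) of the key-layout change: a hypothetical
            migration helper that swaps the two 16-byte halves of a persisted key, checked against the RFC 7539
            section 2.5.2 Poly1305 test vector using the library's Poly1305 class in its RFC 7539 form:
        </p>

```csharp
using System;
using System.Text;
using Org.BouncyCastle.Crypto.Macs;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.Utilities.Encoders;

// Illustrative class, not part of the library.
public static class Poly1305KeyMigration
{
    // Hypothetical helper: converts a 32-byte key stored in the 1.8.1 layout to the RFC 7539 layout used
    // from 1.8.2 onwards by swapping the 16-byte halves. The operation is its own inverse.
    public static byte[] SwapKeyHalves(byte[] key)
    {
        if (key == null || key.Length != 32)
            throw new ArgumentException("Poly1305 key must be 32 bytes", nameof(key));
        byte[] result = new byte[32];
        Array.Copy(key, 16, result, 0, 16);
        Array.Copy(key, 0, result, 16, 16);
        return result;
    }

    // One-shot Poly1305 tag over a message, using the raw (no block cipher) form of the MAC.
    public static byte[] Tag(byte[] key, byte[] message)
    {
        var mac = new Poly1305();
        mac.Init(new KeyParameter(key));
        mac.BlockUpdate(message, 0, message.Length);
        byte[] tag = new byte[mac.GetMacSize()];
        mac.DoFinal(tag, 0);
        return tag;
    }

    public static void Main()
    {
        // RFC 7539 section 2.5.2 test vector (key, message, expected tag).
        byte[] rfcKey = Hex.Decode("85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b");
        byte[] msg = Encoding.ASCII.GetBytes("Cryptographic Forum Research Group");
        byte[] expected = Hex.Decode("a8061dc1305136c6c22b8baf0c0127a9");

        // 1.8.2 and later reproduce the RFC tag directly from the RFC key layout.
        bool rfcOk = Arrays.ConstantTimeAreEqual(expected, Tag(rfcKey, msg));

        // The same key as 1.8.1 would have stored it: feeding it unchanged gives a different tag,
        // converting it first restores interoperability.
        byte[] legacyKey = SwapKeyHalves(rfcKey);
        bool legacyDiffers = !Arrays.AreEqual(expected, Tag(legacyKey, msg));
        bool migratedOk = Arrays.ConstantTimeAreEqual(expected, Tag(SwapKeyHalves(legacyKey), msg));

        Console.WriteLine($"rfc vector: {rfcOk}, unconverted legacy key differs: {legacyDiffers}, migrated: {migratedOk}");
    }
}
```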

        <h5>Defects Fixed</h5>
        <ul>
            <li>DTLS now supports records containing multiple handshake messages.</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>TLS: support for ClientHello Padding Extension (RFC 7685).</li>
            <li>TLS: support for ECDH_anon key exchange.</li>
            <li>BCrypt implementation added.</li>
            <li>BLAKE2b and BLAKE2s implementations added.</li>
            <li>GOST R 34.11-2012 implementation added.</li>
            <li>DSTU-7564 message digest implementation added.</li>
            <li>SM2 signatures, key exchange, and public key encryption implementations added.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85315"></a>Release 1.8.1, Monday December 28, 2015</h4>

        <h5>Security Advisory</h5>
        <ul>
            <li>
                (D)TLS 1.2: Motivated by <a href="https://www.google.com/search?q=CVE-2015-7575">CVE-2015-7575</a>, we have added validation that
                the signature algorithm received in DigitallySigned structures is actually one of those offered (in signature_algorithms extension
                or CertificateRequest). With our default TLS configuration, we do not believe there is an exploitable vulnerability in any earlier
                releases. Users that are customizing the signature_algorithms extension, or running a server supporting client authentication, are
                advised to double-check that they are not offering any signature algorithms involving MD5.
            </li>
        </ul>
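        <p>
            As an added example (not code from the Bouncy Castle project) of the two checks the advisory describes,
            written against the newer Org.BouncyCastle.Tls types: a hypothetical filter that removes MD5-based entries
            from a signature_algorithms list, and a hypothetical check that a received algorithm is one that was offered:
        </p>

```csharp
using System;
using System.Collections.Generic;
using Org.BouncyCastle.Tls;

// Illustrative class, not part of the library.
public static class SignatureAlgorithmChecks
{
    // Hypothetical helper: drop any entry whose hash is MD5 before advertising signature_algorithms.
    public static IList<SignatureAndHashAlgorithm> WithoutMd5(IEnumerable<SignatureAndHashAlgorithm> offered)
    {
        var result = new List<SignatureAndHashAlgorithm>();
        foreach (SignatureAndHashAlgorithm alg in offered)
        {
            if (alg.Hash == HashAlgorithm.md5)
                continue;
            result.Add(alg);
        }
        return result;
    }

    // Hypothetical helper: the algorithm named in a DigitallySigned structure must be one we offered,
    // compared field by field so a peer cannot downgrade to an algorithm we never advertised.
    public static bool IsOffered(SignatureAndHashAlgorithm received, IEnumerable<SignatureAndHashAlgorithm> offered)
    {
        foreach (SignatureAndHashAlgorithm alg in offered)
        {
            if (alg.Hash == received.Hash && alg.Signature == received.Signature)
                return true;
        }
        return false;
    }

    public static void Main()
    {
        // Constructed sample list: the MD5 entry is removed by the filter.
        IList<SignatureAndHashAlgorithm> offered = WithoutMd5(new[]
        {
            new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa),
            new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.rsa),
            new SignatureAndHashAlgorithm(HashAlgorithm.sha256, SignatureAlgorithm.ecdsa),
        });
        Console.WriteLine($"offering {offered.Count} algorithms");

        // Constructed sample of what a peer might send back.
        var fromPeer = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
        if (!IsOffered(fromPeer, offered))
        {
            // This is the alert a handshake should raise when the peer picks something unoffered.
            Console.WriteLine("rejecting unoffered signature algorithm");
            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
        }
    }
}
```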
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>Added support for ASN.1 GraphicString and VideotexString types.</li>
            <li>
                Problems with DTLS record-layer version handling were resolved via <a href="http://www.bouncycastle.org/jira/browse/BJA-584">BJA-584</a>,
                making version negotiation work properly.
            </li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See list of resolved issues at
                <a href="http://www.bouncycastle.org/jira/secure/ReleaseNote.jspa?projectId=10001&version=10510">Bouncy Castle JIRA C# 1.8.1</a>.
            </li>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <h4><a class="mozTocH4" name="mozTocId85314"></a>Release 1.8.0, Sunday November 22, 2015</h4>

        <h5>IMPORTANT</h5>
        <ul>
            <li>
                The Serpent cipher as of 1.8.0 is incompatible with the behaviour of Serpent in earlier releases; it has been
                modified to conform to the standard byte-order interpretation for blocks (and keys). The previous behaviour is
                available from 1.8.0 as the "Tnepres" cipher. See <a href="http://www.bouncycastle.org/jira/browse/BMA-52">BMA-52</a>
                for more information if this may affect you.
            </li>
        </ul>

        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>IV-only re-initialisation is supported by using null as the key parameter when creating a ParametersWithIV object.</li>
            <li>CMS Enveloped and AuthenticatedData now support OriginatorInfo.</li>
            <li>Support for ECDSA_fixed_ECDH authentication has been added to the TLS client.</li>
            <li>Support for the Features signature sub-packet has been added to the PGP API.</li>
            <li>Classes involved in CRL manipulation have been rewritten to reduce memory requirements for handling and parsing extremely large CRLs.</li>
            <li>An implementation of Password Authenticated Key Exchange by Juggling (J-PAKE) has been added.</li>
            <li>Support has been added for SHA-512/224, SHA-512/256, as well as a general SHA-512/t in the lightweight API.</li>
            <li>The TSP API now supports generation of certIDs based on digests other than SHA-1.</li>
            <li>OCSP responses can now be included in CMS SignedData objects.</li>
            <li>The SipHash MAC algorithm has been added.</li>
            <li>DRBGs from NIST SP 800-90A (DualEC excluded) have been added to the Crypto.Prng namespace together with SecureRandom builders.</li>
            <li>Support has been added for OCB mode.</li>
            <li>DSA version 2 parameter and key generation is now supported.</li>
            <li>
                A new interface IMemoable has been added for objects that can copy in and out their state. The digest classes now support this.
                A special class NonMemoableDigest has been added which hides the IMemoable interface where it should not be available.
            </li>
            <li>TDEA is now recognised as an alias for DESede.</li>
            <li>Support has been added for NIST SP 800-38D - GMAC to AES and other 128 bit block size algorithms.</li>
            <li>The TLS API now supports TLS/DTLS 1.2 for both client and server.</li>
            <li>Full support is now provided for client-side auth in the D/TLS server code.</li>
            <li>TLS: server-side support for DHE key exchange.</li>
            <li>TLS: server-side support for PSK and SRP ciphersuites.</li>
            <li>TLS: (EC)DSA now supports signatures with non-SHA1 digests.</li>
            <li>TLS: support for ECDHE_ECDSA/AES/CCM ciphersuites from RFC 7251.</li>
            <li>The TLS/DTLS code now includes a non-blocking API.</li>
            <li>RFC 6637 ECDSA and ECDH support has been added to the OpenPGP API.</li>
            <li>Implementations of Threefish and Skein have been added.</li>
            <li>Implementation of the SM3 digest has been added.</li>
            <li>Implementations of XSalsa20 and ChaCha have been added. Support for reduced round Salsa20 has been added.</li>
            <li>Support has been added for RFC 6979 Deterministic DSA/ECDSA.</li>
            <li>Support for the Poly1305 MAC has been added.</li>
            <li>GCM and GMAC now support tag lengths down to 32 bits.</li>
            <li>
                Custom implementations for many of the NIST and SEC elliptic curves have been added, resulting in drastically improved performance. They
                can be accessed via the Crypto.EC.CustomNamedCurves class and are generally selected by other internal APIs in place of the generic implementations.
            </li>
            <li>Automatic EC point validation added, both for decoded inputs and multiplier outputs.</li>
            <li>Support has been added for X9.31-1998 DRBG.</li>
            <li>
                Support has been added for the SHA3 family of digests, including SHAKE128 and SHAKE256.
                An implementation of the draft standard has been added as 'Keccak'.
            </li>
            <li>The ASN.1 parser for ECGOST private keys will now parse keys encoded with a private value represented as an ASN.1 INTEGER.</li>
            <li>SubjectPublicKeyInfoFactory now supports DSA parameters.</li>
            <li>Improved performance of BigInteger.ModPow and random prime generation.</li>
            <li>SecureRandom instances now seeded by RNGCryptoServiceProvider (where available).</li>
            <li>
                An initial port of the Java "operators" mechanism has been introduced to support overriding of cryptographic primitives
                in high-level APIs e.g. for signing using an external provider.
            </li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See list of resolved issues at
                <a href="http://www.bouncycastle.org/jira/secure/ReleaseNote.jspa?projectId=10001&version=10170">Bouncy Castle JIRA C# 1.8.0</a>.
            </li>
            <li>
                See the (cumulative) list of GitHub pull requests that we have accepted at
                <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
            </li>
        </ul>

        <H4><A class="mozTocH4" name="mozTocId85313"></A>Release 1.7, Thursday April 7, 2011</H4>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>TLS now supports client authentication.</li>
            <li>TLS now supports compression.</li>
            <li>TLS now supports ECC cipher suites (RFC 4492).</li>
            <li>Library can now be built for Silverlight (2.0 and above).</li>
            <li>ASN.1 classes for CRMF (RFC 4211) and CMP (RFC 4210) have been added.</li>
            <li>Further performance improvements to GCM mode.</li>
            <li>BufferedBlockCipher will now always reset after a DoFinal().</li>
            <li>An IV can now be passed to an Iso9797Alg3Mac.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See list of resolved issues at
                <a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10110&sorter/field=issuekey&sorter/order=DESC">
                    Bouncy Castle JIRA C# 1.7
                </a>
            </li>
        </ul>
        <H4><A class="mozTocH4" name="mozTocId85312"></A>Release 1.6.1, Monday February 8, 2010</H4>
        <ul>
            <li>A point release to rectify some problems with the released assembly of the 1.6 version.</li>
        </ul>
        <H4><A class="mozTocH4" name="mozTocId85311"></A>Release 1.6, Thursday February 4, 2010</H4>
        <h5>Defects Fixed</h5>
        <ul>
            <li>X509DefaultEntryConverter was not recognising telephone number as a PrintableString field. This has been fixed.</li>
            <li>OpenPGP now supports UTF-8 in file names for literal data.</li>
        </ul>
        <h5>Security Advisory</h5>
        <ul>
            <li>This version has been specifically reviewed to eliminate possible timing attacks on algorithms such as GCM and CCM mode.</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>Support for PSS signatures has been added to CMS.</li>
            <li>SubjectKeyIdentifier now supports both methods specified in RFC 3280, section 4.2.1.2 for generating the identifier.</li>
            <li>Performance of GCM mode has been greatly improved (on average 10x).</li>
            <li>Support for mac lengths of 96, 104, 112, and 120 bits has been added to existing support for 128 bits in GCMBlockCipher.</li>
            <li>Support for raw signatures has been extended to RSA, RSA-PSS and ECDSA. RSA support can be used in CmsSignedDataStreamGenerator to support signatures without signed attributes.</li>
            <li>Support for EC MQV has been added to the light weight API and the CMS library.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See list of resolved issues at
                <a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10100&sorter/field=issuekey&sorter/order=DESC">
                    Bouncy Castle JIRA C# 1.6
                </a>
            </li>
        </ul>
        <H4><A class="mozTocH4" name="mozTocId85310"></A>Release 1.5, Tuesday August 18, 2009</H4>
        <h5>Defects Fixed</h5>
        <ul>
            <li>Correct the ASN.1 class for AuthorityInformationAccess.</li>
            <li>In the Bcpg libs, armored output now inserts the correct version string.</li>
            <li>EssCertIDv2 encoding now complies with RFC 5035.</li>
            <li>ECDSA now computes correct signatures for oversized hashes when the order of the base point is not a multiple of 8 in compliance with X9.62-2005.</li>
            <li>Standard name "DiffieHellman" is now supported in factory classes.</li>
            <li>Better support for equality tests for '#' encoded entries has been added to X509Name.</li>
            <li>'=' inside a X509Name was not being properly escaped. This has been fixed.</li>
            <li>ApplicationSpecific ASN.1 tags are now recognised in BER data. The GetObject() method now handles processing of arbitrary tags.</li>
            <li>Multiplication by negative powers of two is fixed in BigInteger.</li>
            <li>Multiple countersignature attributes are now correctly collected.</li>
            <li>Two bugs in HC-128 and HC-256 related to sign extension and byte swapping have been fixed. The implementations now pass the latest ecrypt vector tests.</li>
        </ul>
        <h5>Security Advisory</h5>
        <ul>
            <li>The effect of the sign extension bug was to decrease the key space the HC-128 and HC-256 ciphers were operating in and the byte swapping inverted every 32 bits of the generated stream. If you are using either HC-128 or HC-256 you must upgrade to this release.</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>PKIX certificate path validation</li>
            <li>Accept duplicate PKCS#9 FriendlyName attributes in PKCS#12 keystore.</li>
            <li>Add support for PKCS#5 Scheme 2 keys.</li>
            <li>Camellia performance improved.</li>
            <li>A smaller version of Camellia, CamelliaLightEngine has also been added.</li>
            <li>CmsSignedData generation now supports SubjectKeyIdentifier as well as use of issuer/serial.</li>
            <li>A CMS PBE key holder for UTF8 keys has been added to the CMS API.</li>
            <li>Salt and iteration count can now be recovered from PasswordRecipientInformation.</li>
            <li>Support for reading and extracting personalised certificates in PGP Secret Key rings has been added.</li>
            <li>Support for EAC algorithms has been added to CMS.</li>
            <li>Asn1Dump now supports a verbose mode for displaying the contents of octet and bit strings.</li>
            <li>Support for the SRP-6a protocol has been added.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                See also the list of resolved issues at
                <a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10080&sorter/field=issuekey&sorter/order=DESC">
                    Bouncy Castle JIRA C# 1.5
                </a>
            </li>
        </ul>
        <H4><A class="mozTocH4" name="mozTocId85309"></A>Release 1.4, Thursday August 8, 2008</H4>
        <h5>Defects Fixed</h5>
        <ul>
            <li>The GeneralName string constructor now supports IPv4 and IPv6 address parsing.</li>
            <li>EAX mode was not handling non-zero offsetted data correctly and failing. This has been fixed.</li>
            <li>EAX mode ciphers were not resetting correctly after a DoFinal/Reset. This has been fixed.</li>
            <li>Some boolean parameters to IssuingDistributionPoint were being reversed. This has been fixed.</li>
            <li>A zero length RDN would cause an exception in an X509Name. This has been fixed.</li>
            <li>Specifying a stream length greater than 32 bits and relying on the default BcpgOutputStream resulted in corrupted data. This has been fixed.</li>
            <li>Pkcs7Padding validation would not fail if pad length was 0. This has been fixed.</li>
            <li>Signature creation time was not being properly initialised in new V4 PGP signature objects although the encoding was correct. This has been fixed.</li>
            <li>The '+' character can now be escaped or quoted in the constructor for X509Name.</li>
            <li>IV handling in CMS for SEED and Camellia was incorrect. This has been fixed.</li>
            <li>ASN.1 stream parser now throws exceptions for unterminated sequences.</li>
            <li>X509CertificateParser/X509CrlParser now handle multiple certificates/CRLs in streams that don't support seeking.</li>
            <li>The CertID class used by the TSP library was incomplete. This has been fixed.</li>
            <li>\# is now properly recognised in the X509Name class.</li>
            <li>BigInteger.ModInverse was failing for negative values. This has been fixed.</li>
            <li>CMS API now supports RSASSA-PSS signatures with explicit salt length.</li>
        </ul>
        <h5>Additional Features and Functionality</h5>
        <ul>
            <li>ASN.1 libs now support high tag numbers.</li>
            <li>Galois/Counter Mode (GCM) has been added.</li>
            <li>The TSP API now supports parsing and validation of responses with V2 signing certificate entries.</li>
            <li>Unnecessary local ID attributes on certificates in PKCS12 files are now automatically removed.</li>
            <li>New Pkcs12StoreBuilder class supports generation of PKCS12 files with both certificates and keys protected by 3DES.</li>
            <li>Certifications associated with user attributes can now be created, verified and removed in OpenPGP.</li>
            <li>API support now exists for CMS countersignature reading and production.</li>
            <li>A new class LazyAsn1InputStream supports lazy evaluation of DER sequences and sets, considerably reducing memory requirements in some scenarios.</li>
            <li>KeyPurposeId class has been updated for RFC 4945.</li>
            <li>Initial support has been added for HP_CERTIFICATE_REQUEST in the TLS API.</li>
            <li>PGP example programs now handle blank names in literal data objects.</li>
            <li>The ProofOfPossession class now better supports the underlying ASN.1 structure.</li>
        </ul>
        <h5>Additional Notes</h5>
        <ul>
            <li>
                Due to problems for some users caused by the presence of the IDEA algorithm, an implementation is no
                longer included in the default assembly. Only the assembly named BouncyCastle.CryptoExt now includes IDEA.
            </li>
            <li>
                See also the list of resolved issues at
                <a href="http://www.bouncycastle.org/jira/secure/IssueNavigator.jspa?reset=true&&pid=10001&fixfor=10050&sorter/field=issuekey&sorter/order=DESC">
                    Bouncy Castle JIRA C# 1.4
                </a>
            </li>
        </ul>
        <H4><A class="mozTocH4" name="mozTocId85308"></A>Release 1.3, Saturday December 8, 2007</H4>
        <P>
            ASN.1 stream parsing now handles definite length encodings efficiently.<br />
            Buffering in the streaming CMS has been reworked. Throughput is now usually higher and the behaviour is more predictable.<br />
            BcpgInputStream now handles data blocks in the 2**31-&gt;2**32-1 range.<br />
            Some confusion over the parameters J and L in connection with Diffie-Hellman has been resolved.<br />
            Added CryptoApiRandomGenerator, a wrapper for RNGCryptoServiceProvider.<br />
            Added VMPC stream cipher, VMPCMAC and a VMPC-based implementation of IRandomGenerator.<br />
            Added support in OpenPGP for fetching keyrings by case-insensitive user ID [#BMA-8].<br />
            Fixed a vulnerability of CMS signatures that do not use signed attributes (Bleichenbacher RSA forgery).<br />
            Fixed a bug causing second and later encrypted objects to be ignored in KeyBasedFileProcessor example.<br />
            Fixed case-sensitivity issue with deletion from a PKCS#12 file.<br />
            Fixed problem overwriting entities in a PKCS#12 file.<br />
            Fixed PgpUtilities.MakeKeyFromPassPhrase for 8-bit characters [#BMA-13].<br />
            Fixed duplicate certificate problem in Pkcs12Store.Save [#BMA-12].<br />
            Fixed NAnt build under Mono [#BMA-10].<br />
            Fixed BigInteger.ModPow for negative exponents [#BMA-7].<br />
        </P>
        <H4><A class="mozTocH4" name="mozTocId85307"></A>Release 1.2, Thursday July 5, 2007</H4>
        <P>
            Source now builds on .NET Compact Framework 1.0 (compilation flag NETCF_1_0).<br />
            Release assembly now signed with a strong name.<br />
            Added CCM and EAX block cipher modes.<br />
            Added Noekeon block cipher.<br />
            Added HC-128, HC-256, and ISAAC stream ciphers.<br />
            Added RIPEMD160withECDSA signature algorithm.<br />
            Added support for notation data signature subpackets to OpenPGP.<br />
            Added support for parsing of experimental signatures to OpenPGP.<br />
            Added the complete set of SEC-2 EC curves.<br />
            Added support for implicit tagging to DerApplicationSpecific.<br />
            Added remaining ASN.1 structures from RFC 3126 to Asn1.Esf namespace.<br />
            Performance of ECDSA improved.<br />
            Performance of ASN.1 stream parsing improved.<br />
            Fixed default private key length for Diffie-Hellman parameters.<br />
            Fixed DerT61String to correctly support 8-bit characters.<br />
            Fixed duplicate attribute problem in Pkcs12Store.Save.<br />
            Fixed a problem writing public keys in OpenPGP [#BMA-5].<br />
        </P>
        <H4><A class="mozTocH4" name="mozTocId85306"></A>Release 1.1, Friday May 4, 2007</H4>
        <P>
            Added support for writing DSA private keys, and more encodings, in OpenSsl
            (PemReader/PemWriter).<br />
            Removed SharpZipLib dependency.<br />
            Added RSA blinded signature classes.<br />
            Added Asn1.IsisMtt namespace (ISIS-MTT ASN.1 classes).<br />
            Added SEED block cipher engine.<br />
            Added Salsa20 stream cipher engine.<br />
            Performance optimisations for F2m elliptic curves.<br />
            Fixed OpenPGP bug decrypting files with multiple types of encryption on the
            session key.<br />
        </P>
        <H4>
            <A class="mozTocH4" name="mozTocId85305"></A>Release 1.0, Thursday January 18,
            2007
        </H4>
        <P>
            Implementations of CMS, OCSP, OpenPGP, and TSP.<br />
            Elliptic Curves (F2m and Fp).<br />
            A basic TLS client.<br />
            PEM file reading and writing.<br />
            Symmetric key algorithms: Camellia, GOST28147, NaccacheStern, and TEA/XTEA.<br />
            Symmetric key modes: GOFB and OpenPGPCFB.<br />
            Symmetric key paddings: ISO7816d4.<br />
            Asymmetric key algorithms: RSA blinding.<br />
            Digests: GOST3411 and Whirlpool.<br />
            Macs: GOST28147 and ISO9797 Alg 3.<br />
            Signer mechanisms: ECDSA, ECGOST3410, and GOST3410.<br />
            ...and many more features, bug fixes, and performance improvements.<br />
        </P>
        <H4><A class="mozTocH4" name="mozTocId85304"></A>Tuesday February 1, 2005</H4>
        <P>
            This is the second beta release of the Bouncy Castle API C# implementation.<br />
            Reliability improvement to ASN1InputStream.<br />
            The OID entries in SignerUtilities for the RSA signature algorithms with SHA-256,
            SHA-384, and SHA-512 were creating the wrong signature objects.
        </P>
        <h4><a class="mozTocH4" name="mozTocId498363"></a>Sunday December 12, 2004</h4>
        This is the first beta release of the Bouncy Castle Cryptographic API C#
        implementation.<br />
        The Legion of the Bouncy Castle would like to extend their thanks to all those
        who contributed to this API during the alpha stages of its development.<br />
        Keep up the good work folks.<br />
        Please send any questions or bug reports to <a href="mailto:dev-crypto-csharp@bouncycastle.org">
            dev-crypto-csharp@bouncycastle.org
        </a><br />
        <br />
        <hr style="WIDTH: 100%; HEIGHT: 2px">
        <h3>
            <a class="mozTocH3" name="mozTocId948186"></a>Trademarks.<br />
        </h3>
        C#, .NET, and MSDN are Registered Trademarks of Microsoft. <a href="http://www.microsoft.com">
            Microsoft.com
        </a><br />
        Java is a Registered Trademark of Sun Microsystems. <a href="http://www.sun.com">
            Sun
            Microsystems
        </a><br />
        <br />
        <br />
        <div style="TEXT-ALIGN: center">
            &copy; 2007 Legion of the Bouncy Castle<br />
        </div>
    </body>
</html>