{"id":15037176,"url":"https://github.com/bcgit/bc-java","last_synced_at":"2026-04-09T18:39:49.242Z","repository":{"id":8740117,"uuid":"10416648","full_name":"bcgit/bc-java","owner":"bcgit","description":"Bouncy Castle Java Distribution (Mirror)","archived":false,"fork":false,"pushed_at":"2025-09-18T11:20:33.000Z","size":641568,"stargazers_count":2549,"open_issues_count":310,"forks_count":1194,"subscribers_count":138,"default_branch":"main","last_synced_at":"2025-10-04T04:34:33.678Z","etag":null,"topics":["crypto","dtls","java","openpgp","post-quantum-cryptography","tls"],"latest_commit_sha":null,"homepage":"https://www.bouncycastle.org/download/bouncy-castle-java/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":"https://www.bouncycastle.org/repositories/bc-java","source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bcgit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.html","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2013-06-01T02:38:42.000Z","updated_at":"2025-10-03T22:56:13.000Z","dependencies_parsed_at":"2024-01-12T21:06:14.938Z","dependency_job_id":"69cb1c7f-8b8d-417d-838f-2051cc30e0d9","html_url":"https://github.com/bcgit/bc-java","commit_stats":{"total_commits":14168,"total_committers":142,"mean_commits":99.77464788732394,"dds":0.5124223602484472,"last_synced_commit":"db6161f570c763d6eca17361570e973cf52e3227"},"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"purl":"pkg:github/bcgit/bc-java","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcgit%2Fbc-java","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcgit%2Fbc-java/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcgit%2Fbc-java/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcgit%2Fbc-java/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bcgit","download_url":"https://codeload.github.com/bcgit/bc-java/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bcgit%2Fbc-java/sbom","scorecard":{"id":228350,"data":{"date":"2025-08-11","repo":{"name":"github.com/bcgit/bc-java","commit":"d85840365a973e5cb2520eba5aba91f4458d47cb"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.8,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:29","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.html:0","Info: FSF or OSI recognized license: MIT License: LICENSE.html:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"SAST","score":10,"reason":"SAST tool detected: CodeQL","details":["Info: SAST configuration detected: CodeQL","Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Binary-Artifacts","score":0,"reason":"binaries present in source code","details":["Warn: binary detected: config/checkstyle/lib/methodchecker-1.0.0-sources.jar:1","Warn: binary detected: config/checkstyle/lib/methodchecker-1.0.0.jar:1","Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1","Warn: binary detected: libs/activation-1.1.1-sources.jar:1","Warn: binary detected: libs/activation-1.1.1.jar:1","Warn: binary detected: libs/jakarta.activation-api-2.0.0-sources.jar:1","Warn: binary detected: libs/jakarta.activation-api-2.0.0.jar:1","Warn: binary detected: libs/jakarta.mail-2.0.1-sources.jar:1","Warn: binary detected: libs/jakarta.mail-2.0.1.jar:1","Warn: binary detected: libs/javax.mail-1.4.7-sources.jar:1","Warn: binary detected: libs/javax.mail-1.4.7.jar:1","Warn: binary detected: libs/junit-4.13.2-sources.jar:1","Warn: binary detected: libs/junit-4.13.2.jar:1","Warn: binary detected: libs/unboundid-ldapsdk-6.0.8-sources.jar:1","Warn: binary detected: libs/unboundid-ldapsdk-6.0.8.jar:1","Warn: binary detected: test/libs/annotations-api-6.0.53.jar:1","Warn: binary detected: test/libs/failureaccess-1.0.1.jar:1","Warn: binary detected: test/libs/grpc-api-1.58.0.jar:1","Warn: binary detected: test/libs/grpc-core-1.58.0.jar:1","Warn: binary detected: test/libs/grpc-netty-shaded-1.58.0.jar:1","Warn: binary detected: test/libs/grpc-protobuf-1.58.0.jar:1","Warn: binary detected: test/libs/grpc-protobuf-lite-1.58.0.jar:1","Warn: binary detected: test/libs/grpc-services-1.58.0.jar:1","Warn: binary detected: test/libs/grpc-stub-1.58.0.jar:1","Warn: binary detected: test/libs/guava-32.0.1-android.jar:1","Warn: binary detected: test/libs/jna-4.3.0-sources.jar:1","Warn: binary detected: test/libs/jna-4.3.0.jar:1","Warn: binary detected: test/libs/jna-platform-4.3.0-sources.jar:1","Warn: binary detected: test/libs/jna-platform-4.3.0.jar:1","Warn: binary detected: test/libs/perfmark-api-0.26.0.jar:1","Warn: binary detected: test/libs/protobuf-java-3.22.3.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: OSSFuzz integration found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: not a valid arithmetic operator: jce: build1-1:0","Info: Possibly incomplete results: error parsing shell code: not a valid arithmetic operator: jce: build1-2:0","Info: Possibly incomplete results: error parsing shell code: not a valid arithmetic operator: core: buildj2me:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/bcgit/bc-java/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/bcgit/bc-java/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/bcgit/bc-java/codeql.yml/main?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}}]},"last_synced_at":"2025-08-17T04:17:36.806Z","repository_id":8740117,"created_at":"2025-08-17T04:17:36.806Z","updated_at":"2025-08-17T04:17:36.806Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278411245,"owners_count":25982368,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-05T02:00:06.059Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","dtls","java","openpgp","post-quantum-cryptography","tls"],"created_at":"2024-09-24T20:33:40.997Z","updated_at":"2025-10-05T20:31:11.433Z","avatar_url":"https://github.com/bcgit.png","language":"Java","readme":"# The Bouncy Castle Crypto Package For Java\n\nThe Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms, it was developed by the Legion of the Bouncy Castle, a registered Australian Charity, with a little help! The Legion, and the latest goings on with this package, can be found at [https://www.bouncycastle.org](https://www.bouncycastle.org).\n\nThe Legion also gratefully acknowledges the contributions made to this package by others (see [here](https://www.bouncycastle.org/contributors.html) for the current list). If you would like to contribute to our efforts please feel free to get in touch with us or visit our [donations page](https://www.bouncycastle.org/donate), sponsor some specific work, or purchase a support contract through [Crypto Workshop](https://www.keyfactor.com/platform/bouncy-castle-support/) (now part of Keyfactor).\n\nThe package is organised so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.\n\nExcept where otherwise stated, this software is distributed under a license based on the MIT X Consortium license. To view the license, [see here](https://www.bouncycastle.org/licence.html). The OpenPGP library also includes a modified BZIP2 library which is licensed under the [Apache Software License, Version 2.0](https://www.apache.org/licenses/). \n\n**Note**: this source tree is not the FIPS version of the APIs - if you are interested in our FIPS version please contact us directly at  [office@bouncycastle.org](mailto:office@bouncycastle.org).\n\n\n## Environmental Variables\n\nBefore invoking gradlew you need to ensure the following environmental variables are defined and point\nto valid JAVA_HOMEs for each JVM version:\n\n```\nexport BC_JDK8=/path/to/java8\nexport BC_JDK11=/path/to/java11\nexport BC_JDK17=/path/to/java17\nexport BC_JDK21=/path/to/java21\n```\n\n## Building\n\nThe project now uses ```gradlew``` which can be invoked for example:\n\n```\n# from the root of the project\n\n# Ensure JAVA_HOME points to JDK 17 or higher JAVA_HOME\n\n\n./gradlew clean build\n\n```\n\nThe gradle script will endeavour to verify their existence but not the correctness of their value.\n\n\n## Multi-release jars and testing\nSome subprojects produce multi-release jars and these jars are tested in different jvm versions.\nDefault testing on these projects is done on java 1.8 and there are specific test tasks for other versions.\n\n1. test11 test on java 11 JVM\n2. test17 test on java 17 JVM\n3. test21 test on java 21 JVM\n\nTo run all of them:\n\n```\n./gradlew clean build test11 test17 test21\n```\n\n\n## Code Organisation\n\nThe clean room JCE, for use with JDK 1.1 to JDK 1.3 is in the jce/src/main/java directory. From JDK 1.4 and later the JCE ships with the JVM, the source for later JDKs follows the progress that was made in the later versions of the JCE. If you are using a later version of the JDK which comes with a JCE install please **do not** include the jce directory as a source file as it will clash with the JCE API installed with your JDK.\n\nThe **core** module provides all the functionality in the ligthweight APIs.\n\nThe **prov** module provides all the JCA/JCE provider functionality.\n\nThe **util** module is the home for code which is used by other modules that does not need to be in prov. At the moment this is largely ASN.1 classes for the PKIX module.\n\nThe **pkix** module is the home for code for X.509 certificate generation and the APIs for standards that rely on ASN.1 such\nas CMS, TSP, PKCS#12, OCSP, CRMF, and CMP.\n\nThe **mail** module provides an S/MIME API built on top of CMS.\n\nThe **pg** module is the home for code used to support OpenPGP.\n\nThe **tls** module is the home for code used to a general TLS API and JSSE Provider.\n\nThe build scripts that come with the full distribution allow creation of the different releases by using the different source trees while excluding classes that are not appropriate and copying in the required compatibility classes from the directories containing compatibility classes appropriate for the distribution.\n\nIf you want to try create a build for yourself, using your own environment, the best way to do it is to start with the build for the distribution you are interested in, make sure that builds, and then modify your build scripts to do the required exclusions and file copies for your setup, otherwise you are likely to get class not found exceptions. The final caveat to this is that as the j2me distribution includes some compatibility classes starting in the java package, you need to use an obfuscator to change the package names before attempting to import a midlet using the BC API.\n\n**Important**: You will also need to check out the [bc-test-data](https://github.com/bcgit/bc-test-data) repository at the same level as the bc-java repository if you want to run the tests.\n\n\n## Examples and Tests\n\nTo view some examples, look at the test programs in the packages:\n\n*   **org.bouncycastle.crypto.test**\n\n*   **org.bouncycastle.jce.provider.test**\n\n*   **org.bouncycastle.cms.test**\n\n*   **org.bouncycastle.mail.smime.test**\n\n*   **org.bouncycastle.openpgp.test**\n\n*   **org.bouncycastle.tsp.test**\n\nThere are also some specific example programs for dealing with SMIME and OpenPGP. They can be found in:\n\n*   **org.bouncycastle.mail.smime.examples**\n\n*   **org.bouncycastle.openpgp.examples**\n\n## Mailing Lists\n\nFor those who are interested, there are 2 mailing lists for participation in this project. To subscribe use the links below and include the word subscribe in the message body. (To unsubscribe, replace **subscribe** with **unsubscribe** in the message body)\n\n*   [announce-crypto-request@bouncycastle.org](mailto:announce-crypto-request@bouncycastle.org)  \n    This mailing list is for new release announcements only, general subscribers cannot post to it.\n*   [dev-crypto-request@bouncycastle.org](mailto:dev-crypto-request@bouncycastle.org)  \n    This mailing list is for discussion of development of the package. This includes bugs, comments, requests for enhancements, questions about use or operation.\n\n**NOTE:** You need to be subscribed to send mail to the above mailing list.\n\n## Feedback and Contributions\n\nIf you want to provide feedback directly to the members of **The Legion** then please use [feedback-crypto@bouncycastle.org](mailto:feedback-crypto@bouncycastle.org), if you want to help this project survive please consider [donating](https://www.bouncycastle.org/donate).\n\nFor bug reporting/requests you can report issues here on github, or via feedback-crypto if required. We will accept pull requests based on this repository as well, but only on the basis that any code included may be distributed under the [Bouncy Castle License](https://www.bouncycastle.org/licence.html).\n\n## Finally\n\nEnjoy!\n","funding_links":[],"categories":["安全"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbcgit%2Fbc-java","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbcgit%2Fbc-java","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbcgit%2Fbc-java/lists"}