The following provides an overview of Bouncy Castle's capabilities and support, with relevant links to external standards and documentation. 

Packages and Standards

Bouncy Castle Java supports the following formats and standards.

Supported StandardExternal Reference

X.509 and PKIX.

RFC 5280


RFC 4210

CMS/PKCS#7: Cryptographic Message Syntax

RFC 5652


RFC 4211

DANE: DNS-Based Authentication of Named Entities

RFC 7671

DVCS: Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols

RFC 3029

DTLS: Datagram Transport Layer Security

RFC 6347

EAC: Extended Access Control (EAC) Certificates

BSI TR-03110

ERS: Evidence Record Syntax

RFC 4998

EST: Enrollment over Secure Transport

RFC 7030

ITS: Intelligent Transportation Systems 

LMS and XMSS: Stateful Hash Based Signatures

SP 800-208, RFC 8554, RFC 8708, RFC 8391

OpenPGP: OpenPGP Message Format

RFC 4880, RFC 6637

PKCS#10: Certification Request Syntax

RFC 2986

PKCS#12: Personal Information Exchange Syntax

RFC 7292

TLS:  Transport Layer Security

RFC 5246, RFC 5932, RFC 6209, RFC 8446, NIST SP 800-52 Rev. 2

TSP: Time-Stamp Protocol

RFC 3161, RFC 5544


The following lists certifications with relevant links to certificates and documentation. 

For more information about the Bouncy Castle FIPS Java API and how it presents cryptography, refer to The Bouncy Castle FIPS Java API in 100 Examples and sample code at and

Algorithms and Key Types

Bouncy Castle supports the following public key algorithm types and key size/curves.

AlgorithmExternal Reference
Diffie-HellmanSP 800-56A
DSAFIPS PUB 186-4, RFC 6979
DSTUDSTU 4145-2002
ECDSA/ECDHX9.62, FIPS PUB 186-4, RFC 5639, RFC 6979, SP 800-56A
EdDSA/XDHRFC 7748, RFC 8032
RFC 8410
ElGamalRFC 4880
GOSTRFC 4490, RFC 7836
LMS/HSSRFC 8554, RFC 8708
SM2RFC 8998
RSARFC 8017, FIPS PUB 186-4, SP 800-56B

Symmetric Key Algorithms

Bouncy Castle supports the following symmetric key algorithms.

AlgorithmExternal Reference
AESFIPS PUB 197, RFC 3394, RFC 5649
ARIARFC 5794, RFC 5649
CamelliaRFC 3713, RFC 3657
CAST 5RFC 2144
CAST 6RFC 2612
CHACHA-7359RFC 7359
DSTU 7624DSTU 7624:2014
GOST 28147RFC 5830
GOST 3412-2015RFC 7801
LEAISO/IEC 29192-2:2019
RC2RFC 2268, RFC 3217
RC5RFC 2040
Salsa20eSTREAM Project
SM4RFC 8998
TripleDESFIPS PUB 46-3, RFC 3217

Message Digests and Expandable Output Functions

Bouncy Castle supports the following Message Digests and Expandable Output Functions (XOFs).

AlgorithmExternal Reference
Blake2RFC 7693
cSHAKE-128, cSHAKE-256SP 800-185
KMAC-128, KMAC-256SP 800-185
MD5RFC 1321
ParallelHash-128, ParallelHash-256SP 800-185
SHA224, SHA256, SHA384, SHA512, SHA512/224, SHA512/256FIPS PUB 180-4
SHA3-224, SHA3-256, SHA3-384, SHA3-512FIPS PUB 202
SHAKE-128, SHAKE-256FIPS PUB 202, RFC 8702
SM3RFC 8998
TigerProject NESSIE
TupleHash-128, TupleHash-256SP 800-185
WhirlpoolProject NESSIE, ISO/IEC 10118-3

CRL, OCSP and Certificate Distribution

Bouncy Castle supports the following CRL formats and standards.

Supported StandardExternal Reference
CRL creation and URL based CRL Distribution Points.RFC 5280
Online Certificate Status Protocol (OCSP), including AIA-extension and must-staple extension.RFC 2560, RFC 6960RFC 5019 and RFC 8964

The German Common PKI SigG CertHash OCSP extension.

Common PKI

Certificate Enrollment Protocols

The following lists Certificate Enrollment Protocols and/or interfaces.

Protocol / InterfaceExternal ReferenceDocumentation
Simple Certificate Enrollment Protocol (SCEP).SCEP draft 23SCEP
Certificate Management Protocol (CMP).RFC 4210CMP
Enrollment over Secure Transport (EST).RFC 7030EST