Which JCE providers are FIPS 140-2 compliant?

Rob H picture Rob H · Feb 18, 2011 · Viewed 15.9k times · Source

What Java Cryptography Extension (JCE) providers are FIPS 140-2 compliant? More specifically, does the Sun/Oracle provider qualify?

Answer

Stephen C picture Stephen C · Feb 19, 2011

According to this information on this page:

  1. IBM and RSA have FIPS 140-2 validated JCE providers.
  2. BouncyCastle have FIPS 140-2 validated JCE providers for Java 7 & 8. (See The Legion of the Bouncy Castle - FIPS Resources Page. Donations are encouraged!)
  3. Sun's JCE providers are not on the list of FIPS 140-2 validated modules.

However, Oracle do have a validated module called "Oracle Cryptographic Libraries for SSL". The description does not say this is a JCE provider ... but it might be.

Also, Oracle don't appear to have any "modules in progress" for FIPS 140-2 validation.