Comments (4)
Confirmed that all hard cryptographic dependencies on BouncyCastle have been removed. This means that while BouncyCastle is still being used, it is only for parsing and support logic.
Critically, it means that it can also be swapped out for the FIPS validated provider. The following diff still passes all tests:
diff --git a/pom.xml b/pom.xml
index 3a2f2d3..ce56b08 100644
--- a/pom.xml
+++ b/pom.xml
@@ -48,8 +48,8 @@
<dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-ext-jdk15on</artifactId>
- <version>1.61</version>
+ <artifactId>bc-fips</artifactId>
+ <version>1.0.1</version>
</dependency>
<dependency>
Excellent work @WesleyRosenblum !
from aws-encryption-sdk-java.
@fieldju We're taking a look at this one right now. I'll post again when we have a more concrete update, but I wanted to let you know that we're on it!
from aws-encryption-sdk-java.
@mattsb42-aws what is the status of this issue?
from aws-encryption-sdk-java.
Adding here for reference: when we do the point decompression, we need to make sure that we cover this too: aws/aws-encryption-sdk-python#113
from aws-encryption-sdk-java.
Related Issues (20)
- Version 2.4.0 does not work with graalvm, class VersionInfo, error: "java.lang.NullPointerException: inStream parameter is null" HOT 1
- Support mark with CryptoInputStream HOT 1
- cannot execute the representative example code because of ClassNotFoundException HOT 1
- Use the `jdk18on` variant of Bouncy Castle HOT 3
- AWSCredentialsProvider Not Found HOT 1
- AWSCredentialsProvider Not Found HOT 2
- CVE-2023-33201 - new Encryption SDK release? HOT 1
- AwsKmsMrkAwareMasterKeyProvider always attempts to resolve defaultRegion through DefaultAwsRegionProviderChain HOT 3
- Need to generate data key without plaintext HOT 3
- Maven Compile Warning for SuppressFBWarnings HOT 3
- Intermittent exception in thread "main" com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException: Unable to decrypt any data keys HOT 3
- Intermittently we get "com.amazonaws.encryptionsdk.exception.CannotUnwrapDataKeyException: Unable to decrypt any data keys" caused by "com.amazonaws.encryptionsdk.exception.NoSuchMasterKeyException: Key must be in supplied list of keyIds" HOT 1
- IllegalArgumentException getting a master key due to localization HOT 1
- Chore: Audit Dependencies HOT 1
- V2 KmsMasterKeyProvider - cannot set Synch client - need to set proxy HOT 1
- Thread Pinning With Virtual Threads HOT 1
- Unable to process entire ciphertext Exception while decrypting HOT 4
- Getting `CannotUnwrapDataKeyException` on v2.4.0 when using alias for decryption HOT 3
- Not able to use the Async (non-blocking) version of the KMS Client HOT 1
- AWS SDK and version policy unclear HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-encryption-sdk-java.