Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Federal Information Processing Standards in Zulu

Table of Contents
Need help?
Schedule a consultation with an Azul performance expert.
Contact Us

Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use by all non-military government agencies and by government contractors. These standards are intended to ensure the security and interoperability of government IT systems, covering a range of aspects including data encryption, digital signatures, cryptographic module validation, and more.

Bouncy Castle FIPS in Zulu

To make Zulu Builds of OpenJDK compliant with FIPS, we included a crypto algorithms implementation module (Bouncy Castle Crypto APIs) in certain distributions of Zulu. This module is certified by the Cryptographic Module Validation Program (CMVP) and conforms to specific FIPS standards, U.S. government standards used to accredit cryptographic modules.

  • Zulu till end of 2024 integrates Bouncy Castle 1.0.2.3, with FIPS 140-2 certification.

  • From January 2025 onwards, Bouncy Castle 2 with FIPS 140-3 certification will be integrated.

Note
At this moment this is only available for Java 8, but 11 and 17 can be added if needed. Please contact [email protected] for more information.

The cacerts.bcfks file is a BCFKS type TrustStore for the Azul Zulu FIPS compliant configuration.

Using a FIPS-compliant cryptographic provider, like Bouncy Castle FIPS, can be crucial for organizations that must meet stringent security requirements, such as those involved in government contracts, financial institutions, and healthcare organizations, ensuring their cryptographic operations adhere to these established security standards.

How To Use

When Azul Zulu is installed, the Bouncy Castle library bc-fips.jar is expanded into the jre/lib/fips/ folder.

By default, the crypto algorithms implementation module is disabled. To enable it, add the following option while running Azul Zulu:

 
-XX:+UseBCFIPS