CryptoComply Java v4.5 with PQC Algorithms Now Available

SafeLogic today announced the immediate availability of a new version of its Java cryptographic software, CryptoComply Java. A drop-in replacement for Bouncy Castle’s BC FJA 2.x, CryptoComply Java v4.5 includes the first three NIST-standardized post-quantum cryptography (PQC) algorithms, enables hybrid mode that combines PQC with FIPS-certified classical cryptography, supports the IETF’s final PKCS#8 private key format for NIST PQC algorithms, and optionally works with a NIST ESV-certified entropy source.

Post-Quantum Cryptography

NIST has been working to identify and standardize cryptographic algorithms that will not be susceptible to quantum computer attacks since 2017.  Last year, it standardized a first set of post-quantum cryptography (PQC) algorithms. CryptoComply Java v4.5 includes support for all three of these NIST-standard PQC algorithms:

• ML-KEM (FIPS 203), short for Module-Lattice Key Encapsulations Mechanism, enables parties to establish shared secrets, like symmetric encryption keys, over insecure networks in the presence of both quantum and classical computers. It was designed to be used in TLS/SSL, VPNs, encrypted messaging apps, and government or military communications
• ML-DSA (FIPS 204), which stands for Module-Lattice Digital Signature Algorithm, is a digital signature scheme for verifying identity, integrity, or authenticity that is secure against both classical and quantum computers. It is designed to deliver fast signature generation and verification, as well as reasonable key and signature sizes. Typical use cases for ML-DSA include secure software updates, certificate signing, email, and document signing, and applications requiring authenticated and tamper-proof digital communication
• SLH-DSA (FIPS 205), which stands for Side-Channel Lightweight Hash-Based Digital Signature Algorithm, is also a quantum-resistant digital signature scheme. It employs proven and secure hashing that is not vulnerable to quantum computer attacks.  Also since it is stateless, it simplifies implementation. SLH-DSA features relatively small public keys (albeit with relatively large signatures), which can make it a better option than ML-DSA for certain use cases.

CAVP and CMVP certification for these PQC algorithms are forthcoming.

Hybrid PQC/FIPS-Validated Mode

Some organizations subject to FIPS 140 also need PQC because they have sensitive data with long-term value at risk to Harvest Now, Decrypt Later (HNDL) attacks. However, no PQC algorithms have yet received FIPS 140 certification. CryptoComply Java v4.5 supports PQC hybrid mode key exchange by combining SafeLogic’s FIPS 140-3 validated algorithms used in CryptoComply Java v4 (CMVP FIPS 140-3 certificate #4912) with ML-KEM.  This enables organizations to achieve quantum resistance today while maintaining FIPS compliance.

Expanded Interoperability

CryptoComply Java v4.5 now supports the finalized PKCS#8 private key formats for NIST PQC algorithms as defined by the IETF. This delivers reliable interoperability with CryptoComply Core v3.5, CryptoComply Mobile v3.5, CryptoComply Go and other cryptography providers including OpenSSL 3.5. Doing so facilitates cross-platform compatibility and enhances ecosystem integration.

ESV-Certified Entropy Provider

CryptoComply Java v4.5 can optionally use a NIST ESV-certified entropy source.  NIAP is already requiring ESV-certified entropy sources for new Common Criteria submissions that employ cryptography. NIST will require an ESV-certified entropy source for new FIPS 140-3 submissions started 1/1/26.

Availability and Support

CryptoComply Java v4.5 runs on any device that runs a Java virtual machine.  It is available today from SafeLogic upon request, and is fully supported by SafeLogic’s proven, enterprise-class, commercial-grade product support team.

For More Information

For more information on this new version, contact your existing SafeLogic representative or email sales@safelogic.com.

About SafeLogic

Founded in 2012, SafeLogic is a premier provider of cryptographic software that enable enduring privacy and trust in the ever-changing digital world. Used by many of the world's top technology firms, SafeLogic expedites and streamlines the adoption of FIPS 140-validated classical and post-quantum cryptography. SafeLogic delivers FIPS 140-3 validated software, PQC, strong entropy sources and crypto-agility, all supported by a world-class software delivery factory and enterprise software support. SafeLogic’s software is made in the USA, and its products are Trade Agreements Act (TAA) compliant.