CryptoComply for Java

FIPS_Certificate_buttonCryptoComply for Java is part of SafeLogic’s family of standards-based “Drop-in Compliance” cryptographic engines designed for use in servers, workstations, Cloud, appliances, and mobile devices.  SafeLogic’s containers deliver core cryptographic functions to these platforms and feature robust algorithm support, including Suite B algorithms. CryptoComply modules offload secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation. As a FIPS 140-2 validated module, CryptoComply for Java can be deployed quickly to meet various needs and requirements.

Open Source Compatibility

CryptoComply is now available as a direct, drop-in replacement for both OpenSSL and Bouncy Castle. CryptoComply for Java is the version designed to be compatible with Bouncy Castle.  For an architectural review and to confirm full compatibility, please contact us.

RapidCert Validation

SafeLogic reduces the time required for FIPS 140 validation by as much as 90% when the CryptoComply module is deployed as a replacement for non-validated software.  FIPS 140-2 validations can take over 12 months, but with CryptoComply and the RapidCert process, time-to-compliance can be dramatically reduced. Our target is 8 weeks from start to finish with zero additional effort required from the customer.

Meet Compliance Requirements Instantly

CryptoComply for Java is a drop-in replacement for the Bouncy Castle library.  Developers merely have to build their code to utilize the SafeLogic JCE provider.  Because CryptoComply has already completed FIPS 140-2 validation, products that deploy CryptoComply can accurately claim FIPS 140-2 compliance immediately.

Manage Costs and Time

FIPS 140-2 validations can take well over a year to complete and costs have escalated dramatically, especially as the number of supported platforms increases. In the dynamic IT security business, these delays and costs can magnify competitive and customer demand pressures. CryptoComply provides instant FIPS 140-2 compliance because the modules have already undergone the validation process.

Licensing other third-party modules can cost hundreds of thousands of dollars per year and don’t even include validation. With SafeLogic, customers will enjoy greatly reduced licensing and maintenance costs.

Eliminate Wasted Effort

Validations on a per product basis wastes time, money and effort.  Save valuable resources by incorporating CryptoComply into multiple products or multiple product lines.  Moreover, because CryptoComply for Java is centrally maintained by SafeLogic, on-going support costs are greatly reduced and duplication of effort is eliminated. SafeLogic’s aggressive certification roadmap ensures that as new operating system versions are made available, CryptoComply validations will be kept up-to-date.

Maintain Validation Status

With FIPS 140-2 validations, any changes to a traditional module may force re-validation. Additional platform support may also require a re-validation. Discovered vulnerabilities in the module code could force a re-validation. CryptoComply contains only the core cryptographic functions, ensuring that only the most critical, security-relevant changes will necessitate re-validation.

While CryptoComply for Java has been designed to isolate the validation to only the key functions, SafeLogic will continue to stringently maintain validations to support technology changes and new security threats.

CryptoComply for Java offers FIPS 140-2 encryption for the following platforms, with others available by request:

Microsoft Windows
 Linux

Android – in testing

Note that compliance is maintained for other operating system versions where the module binary does not change.

Don’t know what that means? Don’t worry. Contact us and we’ll teach you.

CryptoComply provides robust algorithm support with a variety of Suite B and FIPS-approved algorithms which have been certified by NIST’s Cryptographic Algorithm Validation Program (CAVP). These algorithms include:

 AES (all modes and key sizes)
 TDES (all modes)
 
SHA (all variants)
 HMAC-SHA (all variants)

DH, ECDH
 
DSA, DSA2, RSA
 
ECDSA, ECDSA2
 RNG: SP 800-90 DRBG
Standard Orange
Access to SafeLogic Support Portal
RapidCert Maintenance
Updated Builds and Bug Fixes
Security Alert Notifications
Dedicated Account Manager
Custom Builds
Discounted updates to FIPS-validated operating environments
Semi-Annual Product Roadmap Updates
Response time from Support Team 2 Business Days 4 Business Hours
Learn more by downloading the CryptoComply datasheet.

Download CryptoComply Datasheet