Support and FIPS FAQ

  1. What is the end-of-life policy for Bouncy Castle Releases?

    At the moment we treat any release more than 4 years old as "end of lifed". The age of a particular release is taken from the end of the calendar year in which the release was made.

    We do keep archives of all releases and are willing to provide patches for those on a consulting basis if required. If you are using an old BC release it is worth bearing in mind that in addition to bug fixes and addtions to the APIs, some new releases of the Bouncy Castle libraries are done for security reasons and also productivity reasons (as in when we find a simpler, and hopefully less error prone, way of getting a particular job done, we normally role it in). For these reasons alone it is worth periodically migrating to new versions of the APIs. Advice related to migrating to a more recent release of the Bouncy Castle APIs is included as part of regular support and does not decrease available consulting time.

  2. What support contracts are offered?

    Our contracts come in 3 classes: Bronze, Enterprise and Enterprise Combined. Bronze and Enterprise cover either Java or C# with different levels of support. Enterprise Combined provides Enterprise level support for both the Java and C# together.

  3. I've got a test system, development system and a disaster recovery system, do I need a separate support agreement for each?

    No. One agreement will cover all of them.

  4. Is there a limit on the number of incidents that can be reported under a support contract?

    No. We do not currently have a limit on the number of incidents, none of our existing clients have abused this to date, so we do not expect to introduce one in the forseeable future either.

  5. How many named contacts can I have with a support contract?

    Currently a Bronze level support agreement includes 2 nominated contacts from your organisation. Enterprise level agreements allows for named contacts to be domain name based.

  6. Do support contracts include any consulting time?

    Yes. At the moment a Bronze level support contract includes 10 hours of consulting time, with both Enterprise and Enterprise Combined offering up to 100 hours. Additional consulting time can be purchased if required on an ad-hoc basis at a reduced rate. Please note unused consulting time does not accumulate between contracts, unused time is donated back to the Bouncy Castle project.

  7. I am interested in FIPS. Do support contracts include early access to the FIPS APIs?

    Yes. Holders of Bouncy Castle support contracts also qualify for early access to the Bouncy Castle FIPS APIs. Enterprise Combined contract holders have early access to both the Java and the C# FIPS projects. FIPS early access also includes the CAVP and operational test harnesses for certification.

  8. I am interested in FIPS. I like the BC modules but I need a certificate in my company's name. Would having a support contract make it easier to do this?

    Yes. You would have access to the full test suite, in addition to some of the compliance documentation. Legion of the Bouncy Castle Inc is also happy for people to attach to their certificate if it would help in this case as well.

  9. I am interested in FIPS. If my application is using the FIPS APIs is it FIPS compliant?

    Generally the answer to this is yes, providing your application is using the FIPS API according to the security policy provided for the FIPS module. We are happy to review your usage of the API to certify this is the case. Depending on the size of the code using encryption this may even take less than 10 hours so if you are support contract holder and this is the only task you need done by us, it is likely no extra costs will be incurred.

  10. Why use Crypto Workshop?

    We offer first level support - support is provided by the Bouncy Castle software authors themselves so we can guarantee the best support available. Our contracts do come with SLAs for request turn around time, but we always endeavour to respond as quickly and as effectively as we can.

  11. Is Crypto Workshop registered on

    Yes, we are registered and up and going. As SAM is based on an organisation's physical location you will find us registered under Crypto Workshop Pty Ltd, our Australian entity. If it helps we also have a standard one page capability statement available.

  12. I am interested. What do I do now?

    Great! You can find our price list here. Please contact us for further details.