diff --git a/README.md b/README.md index 5d5841f06..a0a5f2ae1 100644 --- a/README.md +++ b/README.md @@ -260,11 +260,11 @@ The Java SDK uses third-party libraries that are required for usage. Their licen 2. [jose4j v0.9.4](https://bitbucket.org/b_c/jose4j/wiki/Home) Maven: `org.bitbucket.b_c:jose4j:0.9.4` Licence: [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0) -3. [bouncycastle bcprov-jdk18on v1.82](https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on/1.82) - Maven: `org.bouncycastle:bcprov-jdk18on:1.82` +3. [bouncycastle bcprov-jdk18on v1.84](https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on/1.84) + Maven: `org.bouncycastle:bcprov-jdk18on:1.84` Licence: [MIT](https://opensource.org/licenses/MIT) -4. [bouncycastle bcpkix-jdk18on v1.82](https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk18on/1.82) - Maven: `org.bouncycastle:bcpkix-jdk18on:1.82` +4. [bouncycastle bcpkix-jdk18on v1.84](https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk18on/1.84) + Maven: `org.bouncycastle:bcpkix-jdk18on:1.84` Licence: [MIT](https://opensource.org/licenses/MIT) 5. [Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7](http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html) If you don't install this, you'll get an exception about key length or exception about parsing PKCS private key for Box Developer Edition. This is not a Box thing, this is a U.S. Government requirement concerning strong encryption. @@ -305,7 +305,7 @@ If you are developing application for Android visit our [Android guide](./docs/a ## FIPS 140-2 Compliance To generate a Json Web Signature used for retrieving tokens in the JWT authentication method, the Box Java SDK decrypts an encrypted private key. -For this purpose, Box Java SDK uses libraries (`org.bouncycastle:bcpkix-jdk18on:1.82` and `org.bouncycastle:bcprov-jdk18on:1.82`) +For this purpose, Box Java SDK uses libraries (`org.bouncycastle:bcpkix-jdk18on:1.84` and `org.bouncycastle:bcprov-jdk18on:1.84`) that are NOT compatible with FIPS 140-2 validated cryptographic library (`org.bouncycastle:bc-fips`). There are two ways of ensuring that decryption operation is FIPS-compiant. diff --git a/build.gradle b/build.gradle index cd8c13ee2..d1086b2aa 100644 --- a/build.gradle +++ b/build.gradle @@ -56,8 +56,8 @@ dependencies { implementation "com.fasterxml.jackson.core:jackson-core:2.21.4" implementation "com.fasterxml.jackson.core:jackson-databind:2.21.4" implementation "org.bitbucket.b_c:jose4j:0.9.6" - implementation "org.bouncycastle:bcprov-jdk18on:1.82" - implementation "org.bouncycastle:bcpkix-jdk18on:1.82" + implementation "org.bouncycastle:bcprov-jdk18on:1.84" + implementation "org.bouncycastle:bcpkix-jdk18on:1.84" implementation "com.squareup.okhttp3:okhttp:4.12.0" implementation "com.github.luben:zstd-jni:1.5.7-2" testsCommonImplementation "junit:junit:4.13.2"