FlexiProvider 1.7p7 released
- On January 20th , 2014, we released version 1.7.7. In this release, we fixed some bugs with MeRSAPrivateKey and PBES2ParameterSpec constructor. We would like to thank the help of Mr. Dominik Schadow.
FlexiProvider 1.7p6 released
- On January 17th , 2013, we released version 1.7.6. In this release, we fixed some problems with MpRSA and Factorization. We would like to thank the help of Dr. Martin Döring and Mr. Dominik Schadow.
FlexiProvider 1.7p5 released
- On June 26th , 2012, we released version 1.7.5. In this release, we fixed some bugs in generateSeed(). We would like to thank the help of Mr. Dominik Schadow.
FlexiProvider 1.7p4 released
- On May 21th , 2012, we released version 1.7.4. In this release, we fixed some bugs in ECPRNG.class.
FlexiProvider 1.7p3 released
- On November 11th , 2011, we released version 1.7.3. In this release, we fixed some more bugs in OFB mode. We would like to thank the help of Franziskus Kiefer.
FlexiProvider 1.7p2 released
- On October 18th, 2011, we released version 1.7.2. In this release, we fixed some bugs in Rijndael key factory, OFB mode (with no padding) and used JDK implementation SecureRandom.generateSeed()in ECPRNG and BBSRandom. We would like to thank the help of Martin Döring, Anatoli Barski and Franziskus Kiefer.
FlexiProvider 1.7p1 released
- On February 21st, 2011, we released version 1.7.1. In this release, the PFlash multivariate signature scheme is available in FlexiProvider. The implementation was made under the supervision of Albrecht Petzoldt.
FlexiProvider 1.7p0 released
- On January 5th, 2011, we released version 1.7.0. In this release, the RainBow signature scheme is available as the first multivariate based cryptosystem integrated to FlexiProvider. The implementation was made under the supervision of Albrecht Petzoldt.
FlexiProvider 1.6p9 released
- On December 3rd, 2010, we released version 1.6.9. In this release, we updated the AES test vector and fixed a bug in the counter mode of AES. The bugs were solved by Martin Döring and Nils-Fabian Reimers.
FlexiProvider 1.6p8 released
- On October 2nd, 2010, we released version 1.6.8. We Updated CMSS and OTS and fixed following bugs: A validate problem in CMSS Signature, a verification and decryption problems with Niederreiter PKC. The bugs solved and discovered by Martin Döring and Nils-Fabian Reimers. In addition, We removed ConoradoOTS from this version, because the Winternitz-OTS is much better, and up to date.
FlexiProvider 1.6p7 released
- On March 28th, 2010, we released version 1.6.7. We updated LMOTS.
FlexiProvider 1.6p6 released
- Fixed a problem with the password based encryption keys. PKCS#12 is now working properly.
FlexiProvider 1.6p5 released
- Added an RSA PKCS1v5 variant which encrypts a message of unlimited length. Also added a prototype implementation of the Lyubashevsky-Micciancio one-time signature scheme. In addition some problems are fixed.
FlexiProvider 1.6p4 released
- The semantical secure variant of ElGamal is now available
FlexiProvider 1.6p3 released
- The GMSS signature scheme is now available
FlexiProvider 1.6p2 released
- Small problems were fixed
FlexiProvider 1.6p1 released
FlexiProvider 1.6 released
On May 9th, 2008, we released version 1.6 (build 3101) of the FlexiProvider. This is a
major release with many changes. Detailed release notes follow shortly.
FlexiProvider 1.5.2 released
On January 28th, 2008, we released version 1.5.2 (build 2849) of the FlexiProvider. In this release,
the FlexiAPI algorithm registration has been improved significantly. It is now possible to
register standardized algorithms parameters (currently used with the EC provider). Also, some methods
have been added to support applications using the FlexiProvider (e.g., getting the names of all
registered algorithms of a certain type, getting all alias names for an algorithm, etc.).
In addition, the CMSS implementation was significantly reworked (speedup, more elegant code, minor
Patch release 1.5.1p2 (build 2813), January 10th, 2008
- Fixed registration of some algorithms (mostly OID aliases of symmetric ciphers with
predefined mode, padding, or key length)
- Fixed truncation error of message digest in ECDSA
- Fixed bug in equals() method of Coronado OTS and Merkle OTS keys
Patch release 1.5.1p1 (build 2795), January 4th, 2008
- Bugfix of de.flexiprovider.api.Cipher.engineGetParameters(): corrected null
return in case that no parameters exist
- Updated ANT build file
FlexiProvider 1.5.1 ("New year's edition") released
On January 1st, 2008, we released version 1.5.1 (build 2778) of the FlexiProvider. In this release,
the FlexiAPI has been refactored a little. Also, the API for EC domain parameters has changed
(again). In addition, the following bugs have been fixed:
- Fixed PBES1 and PBES2 implementations and registrations
- Fixed registration of DESede/CBC/PKCS5Padding
- Adjusted algorithm parameters for DESede (now using generic ModeParameters)
Patch release 1.5p1 (build 2718), November 22nd, 2007
- Update of EC domain parameter registry, leading to a change of a constructor signature of de.flexiprovider.ec.ecparameters.ECParameterSpec
- Adjusted visibility of some constructors and getters of Key classes
FlexiProvider 1.5 released
On November 20th, 2007, we released version 1.5 (build 2682) of the FlexiProvider. In this release,
the FlexiProvider has undergone major changes. The internal API (now called FlexiAPI) was extended
so it is now a full-fledged replacement for the JCA/JCE. Compatibility of the FlexiProvider with
JCA/JCE was fully preserved in this process, so client code using older versions of the FlexiProvider
can remain unchanged.
The FlexiAPI was designed to be compatible with Java Micro Edition (J2ME). All implementations
have been adjusted correspondingly. Minor adjustements of some J2SE replacement classes still have
to be done, so the FlexiProvider source code for J2ME will be contained in one of the following
The following algorithms have been added in this release:
- Multi-exponent RSA
- Multi-prime RSA
- Rebalanced RSA
- Rprime RSA
Also, many minor bugs have been fixed (e.g. ECIES finally works).
Patch release 1.4.2p1 (build 2209), September 10th, 2007
- Internal API update (of de.flexiprovider.common.api.AsymmetricCipherSpi)
- Streamlined EC arithmetic
- Streamlined DSA and ECIES algorithms
FlexiProvider 1.4.2 released
On July, 20th, 2007, we released version 1.4.2 (build 2049) of the FlexiProvider. In this release,
the EC provider has undergone a major optimization and a small API change. Additionally, some
minor bugs have been fixed.
FlexiProvider 1.4.1 released
On July, 13th, 2007, we released version 1.4.1 (build 2002) of the FlexiProvider. The following
changes have been made:
- Removed deprecated adapter package de.flexiprovider.ec.arithmetic (package has
been refactored to package de.flexiprovider.common.math.ellipticcurves in
- The EC key factory now supports encoding and decoding of EC public keys without EC domain
parameters (also known as "implicitly CA" parameters).
- Speed-up of EC arithmetic, also fixed two bugs.
- All symmetric ciphers now support initialization via an instance of class
- Fixed encoding of McEliece public and private keys
Patch release 1.4p3 (build 1942), July 10th, 2007
- Added support for parameters to RSASSA-PSS (new parameter spec class is
- Internal API update of classes BlockCipherSpi, Mode,
- Minor update of elliptic curve classes (arithmetic and protocols)
- Fixed registration of Coronado OTS and CMSS algorithms (again)
Patch release 1.4p2 (build 1880), June 18th, 2007
- Fixed registration of Coronado OTS and CMSS algorithms
- Fixed many checkstyle warnings
Patch release 1.4p1 (build 1845), May 31st, 2007
- Fixed error in de.flexiprovider.common.api.BlockCipherSpi: unpredicted
behaviour in case of multiple doFinal() calls
- Fixed many checkstyle warnings
- Javadoc update
FlexiProvider 1.4 released
On April 17th, 2007, we released version 1.4 (build 1716) of the FlexiProvider. No new algorithms
have been added in this release. This version of the FlexiProvider has been compiled with JDK
version 1.3, instead of version 1.2 as in the case of all older versions. The reason is that the
RSA key pair generator class now supports initialization with RSAKeyGenParameterSpec
objects, and this class did not exist prior to Java version 1.3.
Additionally, the following changes have been made:
- Major cleanup of the error correcting code arithmetic (packages
de.flexiprovider.common.math.linearalgebra) and the dependent classes
- Cleanup of the elliptic curve arithmetic (package
de.flexiprovider.common.math.ellipticcurves) and the dependent classes
- Minor API cleanup
Patch release 1.3.1p1 (build 1622), March 16th, 2007
- Fixed error in unpad()-method of de.flexiprovider.common.padding.PKCS5Padding
- Replaced seed generator of de.flexiprovider.core.random.BBSRandom and
de.flexiprovider.ec.ecprng.ECPRNG by faster version
FlexiProvider 1.3.1 released
On January 30th, 2007, we released version 1.3.1 (build 1553) of the FlexiProvider.
The following algorithms have been added in this release:
Also, we included some adapter classes in the de.flexiprovider.ec.arithmetic
package to ensure backwards compatibility of the elliptic curve arithmetic classes
(found in package de.flexiprovider.common.math since release 1.3).
- SHA224withRSA signature (OID 1.2.840.1135188.8.131.52)
- RawECDSA (ECDSA without message digest, no OID)
FlexiProvider 1.3 released
On December 19th, 2006, we released version 1.3 (build 1481) of the FlexiProvider.
Although no new algorithms have been added in this release, the version number
indicates a major change. This is because we consolidated all mathematical classes
into one package (de.flexiprovider.common.math). Also, there have been
minor changes to the API classes (package de.flexiprovider.common.api) as
well as some bug fixes.
Patch release 1.2p1 (build 1279), November 23rd, 2006
- Added serialization support for some GF(2n) arithmetic classes. Necessary
for serialization of EC keys over GF(2n).
FlexiProvider 1.2 released On November 21st, 2006,
we released version 1.2 (build 1249) of the FlexiProvider. The following changes
have been made since the last release:
- Asymmetric modes are no longer supported: all asymmetric ciphers can only
be used in single block mode. This may require changes in some applications
using asymmetric ciphers with the AsymmetricECB and AsymmetricCBC modes.
- New signature algorithms: ECDSA with SHA2 family digests (SHA224, SHA256,
SHA384, and SHA512)
- New supported symmetric mode: CTR (counter mode)
- The McEliece and Niedderreiter cryptosystems now support matrices in systematic
form (leading to smaller public keys).
- Minor error fixed in RSA cipher
- Fixed OID registrations of some algorithms
FlexiProvider 1.1.7 released On October 23rd,
2006, we released version 1.1.7 (build 1124) of the FlexiProvider. The following algorithms
have been added in this release:
Additionally, we fixed some issues with the mode classes.
- McEliece and Niederreiter cryptosystems: these cryptosystems are based on error
correcting codes. They can be found in the FlexiPQCProvider.
- CFS signature scheme: this signature scheme is based on error correcting codes.
It can be found in the FlexiPQCProvider.
- SHA-224: this message digest can be found in the FlexiCoreProvider.
Patch release 1.1.6p2 (build 924), September 19th, 2006
- Fixed some inconsistencies of the last release
Patch release 1.1.6p1 (build 905), August 31st, 2006
- Error fixed in CMSS key pair generation
- Error fixed in nextKey() method in package de.flexiprovider.pqc.cmss.CMSSPrivateKey
FlexiProvider 1.1.6 released On August 18th,
2006, we released version 1.1.6 (build 892) of the FlexiProvider. In this release, we are glad
to present a new provider, the FlexiPQCProvider. This provider contains cryptographic
algorithms for the post-quantum era. Currently, it contains an implementation of
CMSS, a signature scheme whose security relies on the existence of cryptographic hash
functions. Furthermore, we included the DHA256 and FORK256 hash algorithms in the
Patch release 1.1.5p8 (build 818), August 9th, 2006
- Errors fixed in mode classes
- Errors fixed in padding scheme classes
- Improved ECIES
- Small update of MD4 and MD5 message digests (now return correct digest length)
Patch release 1.1.5p7 (build 760), June 21st, 2006
- Tiger message digest added
- Severe errors fixed in ECIES
- Severe errors fixed in CFB, ECB and CBC modes
- Error fixed in arithmetic, affected ECIES, ECKeyAgreement and ECNR
- Fixed error in ElGamal keypair generation
- Improved RSA keypair generation
- RIPEMD160 improvement
- Refined build process
Patch release 1.1.5p6 (build 428), April 12th, 2005
- Error fixed in BasicCipher
Patch release 1.1.5p5, May 28th, 2004
- OID aliases added for KeyPairGenerators (ECDSA, ECDH, IQRDSA, IQDSA and IQGQ)
per Michael Hartmann's request
Patch release 1.1.5p4, May 26th, 2004
- Errors fixed in IQDSA, IQRDSA and IQGQ signature algorithms
- Error fixed in FlexiDigest, affected MD4, MD5, RIPEMD128 and RIPEMD160
- EC arithmetic enhanced by affine coordinates
- Documentation fixes
Patch release 1.1.5p3, August 11th, 2003
- Error fixed in ECParameterGenerator
Patch release 1.1.5p2, July 31st, 2003
- Codec fixes
- PBE error fixed
- OID alias updates
- Javadoc improvements
FlexiProvider 1.1.5 released
On April 15th, 2003, version 1.1.5 of the FlexiProvider has been released. In this
release, the following major enhancements and changes have been made:
- Error fixed in GF(p) arithmetic
- Errors fixed in RawDSA and ECNR signature algorithms
- Error fixed in ECB mode
- Error fixed in RSA key factory
- Error fixed in padding of the SHA family
- Error fixed in ECParameters
- Bugfixes of the FhG codec merged
- Corrected some algorithm aliases for the SHA family
- IES made compatible with JCE 1.2.1
FlexiProvider 1.1.4 released It's been
awhile since the last release, but on February 10th, 2003, we managed to
get version 1.1.4 of the FlexiProvider out of the door. This release
finally has engineGetKeySize() support which should remove the
trouble users have had with getting the FlexiProvider to work with the
JCE supplied with Java 1.4. Furthermore, the RSA PKCS#1 signature and
encryption routines have been completely revamped, ECIES can now be
used as a proper Cipher, plus we sport a new symmetric block
cipher, Camellia, the
replacement for E2, which was dropped in FlexiProvider 1.1.2. We have
also imported the changes from the FhG codec version 2.0 in our
repository and are now offering the FhG codec 2.0 for download.
FlexiProvider 1.1.3 released On July 27th,
2002, version 1.1.3 of the FlexiProvider has been released. This is
mainly a bugfix release. Most notably we have corrected the RSA-OAEP
bug reported repeatedly on the provider-users mailing list as well as a
bug in ECDSAPrivateKeySpec reported to us by Maria Xu of Hitachi. Also,
Andreas Kuehne noted that the binary release 1.1.2 was not compatible
with JDK1.2. This has been rectified as well.
But not only bugs
have been squashed; Harald Baier implemented ECPRNG for the
FlexiProvider, a pseudorandom number generator based on a design
proposed by Burt Kaliski.
Please note that we have recently
adopted a new philosophy of exception handling in the FlexiEC provider
and are now throwing RuntimeExceptions in cases where exceptions listed
in the method signature do not qualify. Previously those errors were
handled by recasting the exception.
FlexiProvider 1.1.2 released
On June 17th, 2002, version 1.1.2 of the FlexiProvider has been released. The
following major enhancements and changes have been made:
- ECIES has been made compliant with the IEEE P1363a draft
- We now support all named curves from ANSI X9.62 and SEC 2 over both
GF(2n) and GF(p). For more details please consult the documentation on
- A new package for the Integrated Encryption Scheme as specified in
IEEE P1363a has been added (de.flexiprovider.common.cipher.ies).
Although located in the "common" hierarchy it depends on the
FlexiCoreProvider because of the use of HMAC functions.
- New message digests have been implemented: SHA-256, SHA-384 and SHA-512,
Draft FIPS 180-2.
- IDEAParameterSpec was missing in de.flexiprovider.core.spec package.
- ElGamalKeyFactory was not registered in the FlexiCoreProvider.
- Database lookup for GF(2n) polynomials disabled. This fixes the
"GF2n.database not found" bug (bug description was missing, updated June 20th, 2002).
FlexiProvider 1.1.1 released On February 11th, 2002, we released
version 1.1.1 of the FlexiProvider. Several significant changes have occured since the last
release of the provider, which was the cdcProvider 1.9.1 (we have changed the name meanwhile, but
that's more of a footnote ).
- Since NTT no longer supports the adoption of the E2 cipher,
we decided to drop it in the current release of the Core Provider.
- The block cipher SAFER++ (a NESSIE candidate) has been implemented
and is available in the Core Provider.
- The mode classes for the symmetric ciphers were rewritten.
- Design changes werde made to the interface BasicCipher wherewith mode
classes and padding classes interoperate.
- The EC provider now supports both GF(p) and GF(2n)
arithmetic. Furthermore, support for ECElGamal was dropped for
both security reasons and is now superseded by ECIES. Support
for the Diffie-Hellmann key exchange protocol ECDH was added as
well as the signature scheme ECNR.
- The Number Field Provider, which formerly was being announced
but withheld from the public, has now been released in an improved
version. The relevant encodings of the imaginary quadratic field (IQ)
cryptography algorithms have been laid down in an TUD IQCryptography
- Bugs impairing the functionality of the Provider were found
and fixed in the Asymmetric ECB, RSA PKCS #1 v1.5 and v2.1 cipher
as well as in the RSA PKCS #1 v1.5 signature classes.
 In late 2001, our research group decided
to change the name of the Java cryptographic service provider it
was developing from cdcProvider to FlexiProvider. For further information,
read the FAQ.
Send bug reports
To report a bug, please send an email to email@example.com.