Question about FIPS support in pyjks

[bbozo]

Hello pyjks maintainers,

I was wondering if pyjks supports Bouncy Castle's FIPS mode. I couldn't find any information related to FIPS support in the existing issues or documentation.

If pyjks does support FIPS mode, could you please point me to the relevant documentation or examples demonstrating how to enable and use it?

If FIPS mode is not currently supported, are there any plans to add this functionality in the future? I would be interested to know if this is something on the roadmap.

Thank you in advance for your help in clarifying this. Please let me know if you need any additional information from me.

[mahmoud]

@bbozo We don't have any FIPS-specific functionality. Last I understood, FIPS was mostly about disabling weak cryptographic routines more than supporting anything new. As such, no future plans, either. That said, neither maintainer has interacted much with JKS in the last few years, so you probably know better than we do.

[bbozo]

@mahmoud understood, thank you ❤️

"FIPS Compliant Bouncy Castle Keystore" is sometimes referred to as BCFKS keystore - https://downloads.bouncycastle.org/java/docs/bcprov-jdk14-javadoc/org/bouncycastle/jcajce/provider/keystore/BCFKS.html

Do I understand correctly that the project is no longer actively maintained?

[mahmoud]

Ah, BCFKS looks like possibly the successor spec to UBER. At a surface level, looks like BCFKS is a pretty similar format, but with updated standard algorithms in the spec: https://keystore-explorer.org/doc/5.5/specifications.html

We've got these docs on BouncyCastle: https://pyjks.readthedocs.io/en/latest/bks.html and the code is here: https://github.com/kurtbrose/pyjks/blob/master/jks/bks.py added in #20

To your other question, safe to say PyJKS isn't actively developed by the original author(s). That said, if you want to add a format like BCFKS, etc., you can follow the example PR above, and we can do some review, merge, and release.