Paul Krill
Editor at Large

Oracle releases FIPS-validated crypto module for Java

news
Apr 30, 2025, 2 mins
Application Security, Development Libraries and Frameworks, Java

Jipher is a cryptographic service provider for Java that packs a FIPS 140-2 validated OpenSSL cryptographic module.


Oracle has announced Oracle Jipher, which makes cryptographic services available for Java developers using the standard Java Cryptography Architecture (JCA) framework.

Announced April 29, Jipher is a Java cryptographic service provider that packages a Federal Information Processing Standards (FIPS) 140-2 validated OpenSSL cryptographic module. Jipher is packaged as a JAR file and is downloadable from Java Tools and Resources and from My Oracle Support for Java SE users.

Oracle noted that the JDK includes cryptographic service providers such as Sun, SunRsaSign, and SunJCE, which provide concrete implementations of algorithms as defined by the JCA framework. These providers let Java applications access security algorithm implementations by specifying a particular provider or by letting the framework locate the requested algorithm by searching through the registered providers in the specified preference order. However, these cryptographic service providers are not FIPS-140 validated. FIPS-140 standards, which are published by the National Institute of Standards and Technology (NIST), define security requirements for cryptographic modules.
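The provider lookup described above can be checked at deployment time. The following is an added example, not code from Oracle or from the original article: it lists the registered providers in preference order and reports which provider the JCA actually selects for a few common algorithms. The article does not give the name under which Jipher registers, so the expected provider name is a placeholder passed as the first argument.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;

public class ProviderAudit {
    // Request each algorithm without naming a provider, as most application
    // code does, and record which registered provider the JCA selected.
    // For Cipher and Signature the choice can still change at init() time
    // depending on the key; getProvider() reports the first match.
    static Map<String, String> resolveDefaults() throws Exception {
        Map<String, String> served = new LinkedHashMap<>();
        served.put("MessageDigest SHA-256",
                MessageDigest.getInstance("SHA-256").getProvider().getName());
        served.put("Cipher AES/GCM/NoPadding",
                Cipher.getInstance("AES/GCM/NoPadding").getProvider().getName());
        served.put("Signature SHA256withRSA",
                Signature.getInstance("SHA256withRSA").getProvider().getName());
        served.put("KeyPairGenerator EC",
                KeyPairGenerator.getInstance("EC").getProvider().getName());
        return served;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the name your validated provider registers
        // under; the default below is only a placeholder.
        String expected = args.length > 0 ? args[0] : "EXPECTED_PROVIDER_NAME";
        // Registered providers in preference order (position 1 is searched first).
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("%2d. %s%n", i + 1, providers[i].getName());
        }
        // Flag every algorithm served by a provider other than the expected one.
        int mismatches = 0;
        for (Map.Entry<String, String> e : resolveDefaults().entrySet()) {
            boolean ok = e.getValue().equals(expected);
            if (!ok) mismatches++;
            System.out.printf("%-26s -> %-12s %s%n", e.getKey(), e.getValue(),
                    ok ? "ok" : "UNEXPECTED");
        }
        // Naming a provider bypasses the preference-order search entirely.
        Provider sunJce = Security.getProvider("SunJCE"); // null if not registered
        if (sunJce != null) {
            Cipher pinned = Cipher.getInstance("AES/GCM/NoPadding", sunJce);
            System.out.println("pinned: " + pinned.getProvider().getName());
        }
        System.exit(mismatches == 0 ? 0 : 1);
    }
}
```

On a stock JDK every line is flagged, because the bundled providers serve all four requests; the non-zero exit status lets a deployment script fail when an unexpected provider is answering.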

Jipher enables deployments of Java applications in FIPS 140-regulated environments. It achieves this by leveraging the OpenSSL 3.x FIPS module, Oracle said. Jipher requires an up-to-date release of Oracle JDK 17 or JDK 21, or GraalVM for JDK 17 or JDK 21, and is made available under the Java SE OTN license. It is supported for Java SE subscribers and users running Java workloads in Oracle Cloud Infrastructure.

Jipher represents a significant advancement in Oracle’s commitment to delivering standards-compliant security solutions, Oracle said. With JDK 24, released in March, Oracle delivered two post-quantum algorithm implementations standardized by FIPS 203 and FIPS 204 to help protect Java users against emerging threats of quantum computing.

Paul Krill is editor at large at InfoWorld. Paul has been covering computer technology as a news and feature reporter for more than 35 years, including 30 years at InfoWorld. He has specialized in coverage of software development tools and technologies since the 1990s, and he continues to lead InfoWorld’s news coverage of software development platforms including Java and .NET and programming languages including JavaScript, TypeScript, PHP, Python, Ruby, Rust, and Go. Long trusted as a reporter who prioritizes accuracy, integrity, and the best interests of readers, Paul is sought out by technology companies and industry organizations who want to reach InfoWorld’s audience of software developers and other information technology professionals. Paul has won a “Best Technology News Coverage” award from IDG.