Bouncy Castle VS Weld

Note that there may be incompatibilities until NIST has published the final revisions. Some specifications are on Round 3 kyber, others are on FIPS 203.

This one will interoperate with Bouncy Castle as we both use FIPS 203 draft, but won't interoperate with OQS that is still on the Round 3 submission.

See also: https://github.com/bcgit/bc-java/issues/1578

The readme mentions a dependency on Bouncy Castle - note that BC already contains several Java-based PQC signature schemes, see https://doc.primekey.com/bouncycastle/interoperability#Inter... and https://github.com/bcgit/bc-java

The best official resources are probably the example classes in the bouncycastle repository. They give you a rough idea for how to use the API, although they are a bit minimal unfortunately. You can probably apply a lot of domain knowledge (what algorithms are good/bad) from openpgpjs too, although you'd have to find out how the respective method calls are called on the BC side.

Why? Bouncy Castle has all you need.

Cryptography? Use Java Cryptography Extensions and Java Secure Socket Extensions with Bouncy Castle

Recently there was a constant time enhancement in bouncy castle that added a comparison using indexOf instead of charAt. Fairly easy to overlook, although glaring in hindsight, if there are no negative tests covering the functionality.

I've been using CDI for something like this. The project is temporarily hosted here.

Any DI lib would probably work, it depends on your preferences and use cases though.

I'm personally a fan of Weld since its the reference implementation of the CDI spec.

https://weld.cdi-spec.org/

Need only Dependency injection? Perhaps JBoss Weld, a reference CDI implementation, might interest you.