I think you've got the gist of the restriction. You cannot make any
changes to the source code, build files or the commands you use to build
the FOM. None are acceptable if you want a FIPS validated outcome. I.e.
you will lose the FIPS 140-2 validation state if you change anything.
Pauli
To quote from several places:
Once you call FIPS_mode_set (and assuming it returns non-zero), you are using
the NIST approved DRBGs.
From OpenSSL's Random Numbers wiki page:
The default DRBG is 256-bit CTR AES using a derivation function ... To use the
FIPS random number generator, simply use
On 03/26/2014 02:45 PM, Jason Schultz wrote:
> I’m trying to decipher FIPS 140-2 Certification in regards to OpenSSL
> FIPS module 2.0 and have some questions:
>
>
> 1. Can one claim FIPS validated if running on an Operating
> Environment not listed on Cert #1747? (I don’t think not having
Adam Grossman wrote:
hello,
from my understanding, the US government can not buy a FIPS 140-2
compliant product after 2010. But my employer spoke to someone who said
they can still purchase a FIPS 140-2 validated product as long as they
are "transitionally" compliant by only using cryptographic
- Original Message -
From: "Dr. Stephen Henson"
To:
Sent: Tuesday, December 01, 2009 6:58 PM
Subject: Re: FIPS 140-2 and PBKD
On Tue, Dec 01, 2009, carlyo...@keycomm.co.uk wrote:
In openssl, if I try to use anything using PBKD (PKCS#5 PBKDF2 in
particular) when in FI
On Tue, Dec 01, 2009, carlyo...@keycomm.co.uk wrote:
>
> In openssl, if I try to use anything using PBKD (PKCS#5 PBKDF2 in
> particular) when in FIPS enabled mode, it returns an error.
>
How are you attempting to use it and what error do you get?
Steve.
--
Dr Stephen N. Henson. OpenSSL project
carlyo...@keycomm.co.uk wrote:
> We want to use the FIPS 140-2 compliant OpenSSL module for certain
> customers...
By which I assume you mean the OpenSSL FIPS Object Module v1.2 (cert #
1051).
> ... When interpreting FIPS 140-2, my understanding is ... ... does
> that invalidate the FIPS 140-2 co
This is my understanding of the rules, and I will freely admit that I
am probably not qualified to give an appropriate discourse on this.
The secret key that is used to encrypt a private key is generated from
the passphrase, which itself is not the secret key. It is a "Key
Generator".
In order f
particular certificate.
John
> -Original Message-
> From: Andrew T. Finnell [mailto:[EMAIL PROTECTED]]
> Sent: 25 July 2002 15:12
> To: [EMAIL PROTECTED]
> Subject: RE: FIPS-140 certification
>
>
> John,
>
> Sometimes that is not up to the developer. You
> Just to add my thoughts to the cooking pot, FIPS-140 probably isn't worth a
> string of beans.
You are technically savvy enough to decide that for yourself. Many
folks are not -- who, really, is equipped to run RNG tests and
understand the importance for keygen?
The FIPS-140 specs are remar
One of the main reasons for FIPS is to make writing (US Federal)
government "requests for proposals" easier. Without dwelling on
that, the FIPS is mostly a procurement-thing, not a technical thing.
(Look at the relationship of GOSIP with OSI, the FIPS version of
POSIX...) FIPS is mostly impo
this for common use, we will have to see.
John
Please respond to [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
To: <[EMAIL PROTECTED]>
cc:
Subject: RE: FIPS-140 certification
Bil,
Sad to say but no it is not FIPS-140 certified. We ran into the
same problem also. Basically someone woul
and I'm sure some of them have been FIPS140-1 evaluated.
That way you could use OpenSSL (OpenCA) and still be compliant with your
law.
> - Original Message -
> From: "Jeffrey Burgoyne" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, Janu
el Sistema
Oficial de Seguridad
CERTICAMARA S.A.
- Original Message -
From: "Jeffrey Burgoyne" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 11, 2002 9:38 AM
Subject: Re: FIPS 140
>
> I believe (as this question has been asked before) that FIPS
I believe (as this question has been asked before) that FIPS-140 is also
machine/OS specific and would have to be performed for every new
version. The fact is, FIPS-140 compliance as it stands now makes little
sense for openssl. It is really proving to be a challenge for a company I
know developing
On Thu, 10 Jan 2002, Carlos mario Ospina Anzola wrote:
> Anybody knows if openssl is FIPS 140-2 compliant?
>
> I want to use it at work, but the law request a cryptographic module that
> should be FIPS 140-2 compliant.
OpenSSL is free software in development, and to obtain a FIPS validation,
som
Actually, I also think you have to validate it on *every* platform as
well. It could be validated for Sun, but that would not count for HP. This
was explained by a company with a Java based security product. As Java is
multi-platform by nature, the work and cost to certify was horrendous.
Jeff
This one should really go to OpenSSL-Users, not OpenSSL-Dev.
On Tue, 4 Dec 2001, Tina Anderson wrote:
> Has anyone investigated obtaining FIPS 140-1 validation for OpenSSL?
>
> FIPS 140-1 is a U.S. government standard for implementations of
> cryptographic modules.
The validation process is tim
On Thursday 21 December 2000 21:52, Scott Goodwin wrote:
> Yes. FIPS 140-1 is a requirement for government servers running SSL, which
> essentially means all government non-public web servers (FIPS 140-1
> actually covers most cases where you're encrypting info in government
> systems).
>
> FIPS 1
19 matches