Questions tagged [fips]
Federal Information Processing Standards (FIPS) are a set of US government security standards.
108 questions
1
vote
1
answer
74
views
FIPS compliance and cipher implementations
I've written an parallelized implementation of the AES-CTR cipher using OpenSSL. Since you can precompute any block of keystream data based on the counter it's actually embarrassingly parallel which ...
- 111
2
votes
0
answers
91
views
rationale for the FIPS 140-3 Pre-operational Integrity Technique Self-test
The FIPS 140-3 10.2.A Pre-operational Integrity Technique Self-test introduces new requirement. Prior to that, in FIPS 140-2, a Power On Self Test was done in order to be able to use a given part of a ...
- 121
2
votes
2
answers
977
views
RHEL in FIPS mode ignores crypto subpolicy
I have a number of RHEL 8 and RHEL 9 systems with FIPS mode enabled. I'm trying to use a crypto subpolicy to disable CBC ciphers, but the subpolicy seems to be ignored in FIPS mode even though it is ...
- 1,201
2
votes
2
answers
898
views
What is the main difference between bcprov and bc-fips (bouncycastle) jar?
I am having difficulty understanding the differences between bc-prov and bc-fips jar. I understand bc-fips contains the subset of bc-prov packages as well. But I want to understand more about the ...
- 21
3
votes
1
answer
1k
views
When is FIPS certification important?
I was looking at YubiKeys and noticed that they sell FIPS certified keys alongside non-FIPS certified keys. Both seem to have the same feature sets, but the FIPS certified keys are more expensive. ...
- 195
1
vote
0
answers
144
views
Does openssl3.1 support UEFI target with FIPS enabled?
I am trying to build openssl 3.1 in FIPS mode for the UEFI target. But the config option enable-fips as defined in the documentation does not define the flag FIPS_MODULE for UEFI targets. Also, I ...
- 111
1
vote
0
answers
901
views
How can I FIPS enable openssl3 on yocto linux?
I'm running yocto linux, which has openssl3 installed. I manually compiled the openssl FIPS module (fips.so), generated the fipsmodule.cnf file, and modified my openssl.cnf to use it.
I know FIPS is ...
- 11
2
votes
1
answer
131
views
What FIPS 140-2 expects for secret keys passed as arguments of a methods?
I don't get exactly what FIPS 140-2 expects when your method receives secret keys via arguments. For example, in a lot of FIP-compliant libraries such as OpenSSL, we have a method like this:
int ...
- 123
1
vote
0
answers
504
views
How to achieve an authentication method FIPS 140-3?
I've been studying the FIPS 140-3 but I still have questions about how to determine if an authentication protocol is FIPS compliant or not:
1- Is RADIUS over EAP-TLS FIPS 140 compliant? I know that ...
- 11
3
votes
2
answers
3k
views
Does OpenSSL 3.0 FIPS support TLSv1 and TLSv1.1?
OpenSSL 3 migration guide doesn't mention anything about TLSv1 and TLSv1.1
FIPS provider doesn't mention it as well.
But my understanding is that TLSv1 and TLSv1.1 isn't supported by FIPS provider as ...
2
votes
2
answers
410
views
FIPS 140-2 compliance implementation
I'm quite new to the security topic and encryption.
Our software has to comply with FIPS 140-2. I have the following method (C#).
In this case, the algorithm is AES256.
What concerns me, is that we ...
3
votes
1
answer
398
views
Is it (under FIPS) possible to generate a CSR for an asymmetric key with usage=WRAP?
To clarify: The FIPS module Security Policy lists using RSA keys for wrap/unwrap. FIPS is a moving target, and the state of the requirements when the CMVP approved module went through the process ...
- 281
1
vote
0
answers
31
views
Do comparable standards like FIPS exist for Germany or the European Union? [duplicate]
NIST, the National Institute of Standards and Technology, does publish FIPS, the Federal Information Processing Standards Publications.
Does Germany or the European Union have their own standards?
Or ...
- 21
0
votes
0
answers
363
views
Validate the conformance of an OpenSSL created certificate with FIPs standards
Trying to test the conformance of the certificates inside our application, with the below requirement:
The application shall [selection: invoke platform-provided
functionality, implement ...
- 109
2
votes
1
answer
487
views
If I buy any FIPS 140 certified USB flash drive can I be sure that it's firmware is signed?
Does either FIPS 140-2 or FIPS 140-3 certification require USB flash drive's firmware to be signed so that malicious computer cannot overwrite flash drive's firmware? e.g. badusb attack.
If I buy any ...
- 21