What type of digital signature should I use for FIPS compliance

Asked Feb 04 '15 at 16:56

Active Feb 04 '15 at 16:56

Viewed 836 times

I am working with openssl to produce a FIPS compliant digital signature.

What type of digital signature I can use?

I used this command:

openssl genrsa -aes128 -passout pass:mypassphrase -out privkey.pem 2048

to generate a pem file but when I tried to load this as follows:

RSA rkey = PEM_read_bio_RSAPrivateKey( bio, 0, 0, (void)"mypassphrase");

I receive this error

error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips'.

If I leave the passphrase off then everything works (in FIPS mode even) but that leaves my private key unencrypted.

asked Feb 04 '15 at 16:56

Rex Bloom

I figured this out with help from openssl. call set OPENSSL_FIPS=1 prior to creating the pem file. – Rex Bloom Feb 04 '15 at 20:59
This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. – jww Feb 08 '15 at 10:00

0 Answers0