I'm developing a Java project that needs to use a FIPS 140-2 validated module for crypto signatures. I'm leaning towards using the OpenSSL FIPS Object Module. After browsing around the webs, I couldn't find anything that implemented a Java bindings for OpenSSL in the Java Cryptography Architecture. I was wondering if anyone could point me to such a library, or an alternative approach to using OpenSSL in Java for crypto signatures.
Asked
Active
Viewed 1,805 times
3
-
Interesting. I don't think that such bindings exist, but it shouldn't be hard to create your own with JNA or JNI, especially if your required functionality is limited. – erickson Oct 10 '11 at 19:01
2 Answers
2
Better use IBM FIPS compatible (140-2 level 1) JCE module which comes with IBM JRE. http://publib.boulder.ibm.com/infocenter/realtime/v1r0/topic/com.ibm.rt.doc.10/security/jcefips/ibmjcefips.html
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/140crt1081.pdf
Martin Paljak
- 4,119
- 18
- 20
-
And of course, you can always use the Good Old Unix to execute OpenSSL command line tools from Java... – Martin Paljak Oct 10 '11 at 12:06
-
-
err.. IANAL but I believe you are free to execute any and all commands from your proprietary application. There is no linking happening. – Martin Paljak Oct 11 '11 at 06:23
-
No I mean for the IBMJCEFIPS... can I use it with my Oracle JRE? Do I have to buy Websphere to get it? Etc. – erickson Oct 11 '11 at 07:06
-
0
I know this is an old question but I hoped this might help others. Bouncy Castle provides a FIPS 140-2 Validated JCA provider.
CaTalyst.X
- 1,645
- 13
- 16