Stack Overflow
Stack Overflow

Questions tagged [fips]

The term "fips" commonly refers to the Federal Information Processing Standards Publication 140 (FIPS 140), a document published by the National Institute of Standards and Technology (NIST), a U.S. government agency. Cryptographic software and hardware that complies with the standard must use only cryptographic algorithms specified in FIPS 140-2, the latest published revision.

The term FIPS is sometimes used to refer to a specific publication, Security Requirements for Cryptographic Modules FIPS 140. Cryptographic software and hardware that complies with the standard must use only cryptographic algorithms specified in FIPS 140-2, the latest published revision.

However, FIPS 140-2 is one of many publications that describes information technology standards for use by U.S. Government Agencies.

Further information can be found at the FIPS Home Page

432 questions
2
votes
1 answer

Android, how to use fipsld in "ndk-build" for openssl

In order to use fips-capable openssl library (libcrypto.a in my case) on android, I need to link the built libcrypto.a in my.so (JNI code). According to openssl fips 2.0 user manual, fipsld should be used to verify and generate hmac signature. I am…
brewphone
  • 1,316
  • 4
  • 24
  • 32
2
votes
0 answers

openssl fips error

I use OpenSSL libraries in a service project running in Windows. These libraries are build as FIPS compliant. In a 32-bit Windows OS, the service works fine. However, the program crashes when I try to run the project in a 64-bit Windows (Windows…
bugra
  • 181
  • 3
  • 8
2
votes
1 answer

PIV Smart Card - GENERAL AUTHENTICATE - Sign a nonce

I was hoping someone could help me with the PIV smart card standard. I would like to authenticate the smart card by making it sign a PKCS#1 padded nonce with the previously generated RSA 1024-bit modulus Digital Signature Key 0x9C. Here is what the…
GHW
  • 71
  • 11
1
vote
0 answers

How to make bouncycastle .net libraries talk to FIPS validated .net implementation

We are currently building a certificate authority .net that will: Generate a root certificate Use the root certificate to issue device certs. Revoke a device certificate Generate a Certificate Revocation List. Generate a Delta CRL We are…
Himanshu Page
  • 133
  • 6
1
vote
0 answers

NSS PKCS11 not working well as jsse provider

I'm using Network Security Services as my Sun PKCS#11 provider for my Java application and I'm experiencing some undesired behavior. reinserting the same trusted certificate into the Keystore will delete the trust attributes that were successfully…
Mike
  • 401
  • 1
  • 6
  • 15
1
vote
1 answer

Is there FIPS compliant RADIUS .NET solution?

I am wondering if there is a FIPS compliant solution for authenticating with a RADIUS server via .NET , such as http://code.google.com/p/radius-net/source/browse/trunk/radius-net/src/?r=4 The problem with the linked one that makes it not compliant…
Eton B.
  • 6,121
  • 5
  • 31
  • 43
1
vote
1 answer

Override MD5 to make it FIPS validated?

Is there is a way to override the MD5 functionality provided by MD5CryptoServiceProvider to make it FIPS validated? This is because I would like to keep the logic used in the application and not modifying MD5 for another hashing algorithm that might…
Eton B.
  • 6,121
  • 5
  • 31
  • 43
1
vote
2 answers

Enabling FIPS during application execution?

I'm doing some testing regarding FIPS validation with an application that currently isn't. I am able to disable FIPS so the application can startup, and then I enable FIPS while using the application. The thing is, some of the functionality that I…
Eton B.
  • 6,121
  • 5
  • 31
  • 43
1
vote
0 answers

Running Bouncycastle in FIPS approved only mode, but still able to access unapproved algorithm

While testing my FIPS 140-2 compliance configuration, it appears that I am still able to access the unapproved MD5 algorithm. This leads me to believe that I have configured the BouncyCastle FIPS JCE provider incorrectly. The following code does not…
MrDetail
  • 230
  • 3
  • 12
1
vote
0 answers

OpenSSL internal error, assertion failed: FATAL FIPS SELFTEST FAILURE

I had an application written in Python3.9 packaged as executable file using PyInstaller in a CentOs7 docker image. Able to install the app successfully in linux machines where FIPS is disabled. If I try install it in FIPS enabled RHEL8.7 machine it…
user1919581
  • 481
  • 2
  • 14
  • 32
1
vote
1 answer

EE Certificate key too weak error in Openssl 3.1.0 FIPS enabled

I had compiled Openssl 3.1.0 with fips using the below given scripts. Installation is successful and works fine. But if FIPS enabled then not able to make any outbound connections, getting EE certificate too week error. wget…
user1919581
  • 481
  • 2
  • 14
  • 32
1
vote
0 answers

Can BoringCrypto be used only for Linux (linux_amd64 and linux_arm64)?

Context: there's a similar question that says that in order to make an app FIPS compliant one should use BoringCrypto which is wrapper around BoringSSL. But I had some issues properly compiling with it on MacOS (using GOEXPERIMENT=boringcrypto), so…
Kostya Linou
  • 113
  • 7
1
vote
1 answer

OpenSSL 3.0.8: FIPS functionality not working with libcrypto library in custom path

OpenSSL: 3.0.8 Python: 3.9.16 I enabled FIPS using below script but FIPS functionality is not working when I use custom libcrypto path but working fine if I use default path. custom path:/tmp/fips_files/libcrypto.so.3 default path:…
dev
  • 13
  • 4
1
vote
0 answers

Go implementation of GRPC server doesnt seem to honour ciphers in FIPS mode

I have the below code. certificate, err := tls.LoadX509KeyPair(certFile, keyFile) if err != nil { // handle err } tlsConfig := &tls.Config{ Certificates: []tls.Certificate{certificate}, MinVersion: …
Gary
  • 31
  • 4
1
vote
0 answers

openjdk 8 running in FIPS mode produces java.security.InvalidKeyException: Could not create key

I am trying to configure Java to run in FIPS mode. I am running openjdk 1.8.0 and NSS 3.79.0 on an AmazonLinux2 AWS instance. As per whatever documentation I could find, I configured the java.security file (security providers and keystore.type…
user21176218
  • 11
  • 1
1 2 3
28 29