Re: FIPS Certification

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FIPS Certification

From:	Simon Josefsson
Subject:	Re: FIPS Certification
Date:	Tue, 17 Nov 2009 11:58:45 +0100
User-agent:	Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Simon Josefsson <address@hidden> writes:

> "Hoyt, David" <address@hidden> writes:
>
>> Is or will there be an effort to become FIPS certified? If so, is
>> there a schedule laid out for the process? Is there a webpage I can
>> look at to keep myself up-to-date on the certification process?
>
> All the crypto in GnuTLS normally happens in libgcrypt, and I recall
> seeing libgcrypt mentioned on the list of projects underway of becoming
> FIPS-certified some time ago.

Looking again, I see that AES/3DES/SHA1/SHA2/RSA/DSA/RNG in libgcrypt
have been FIPS certified.  Follow links from:

http://csrc.nist.gov/groups/STM/cavp/validation.html

Still, older TLS does not use standard RSA PKCS#1 so you have to make
sure GnuTLS is really using the right crypto bits from libgcrypt.

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

Re: FIPS Certification, Simon Josefsson <=

Prev by Date: Re: TLS Renegotiation problem
Next by Date: Re: TLS Renegotiation problem
Previous by thread: Unencrypted connection?
Next by thread: gnutls is unable to get x509 certificate
Index(es):
- Date
- Thread