From: Douglas E E. <dee...@gm...> - 2021-02-02 15:06:19
Some additional documentation that might help.

https://www.openssl.org/docs/fips/UserGuide-2.0.pdf and
https://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf
Say:

"A subsection of Section 2.1 of the CMVP FAQ entitled "A vendor is selling me a crypto solution - what should I ask?" states: "Verify with the vendor that the application or product that is being offered is either a validated cryptographic module itself (e.g. VPN, SmartCard, etc) or the application or product uses an embedded validated cryptographic module (toolkit, etc). Ask the vendor to supply a signed letter stating their application, product or module is a validated module or incorporates a validated module, the module provides all the cryptographic services in the solution, and reference the modules validation certificate number."

"Note that the CMVP FAQ does specify that a FIPS 140-1/2 validated module may be incorporated into another product. It then specifies that making a decision on whether a product is correctly utilizing an embedded module is outside of the scope of the FIPS 140-1 or FIPS 140-2 validation."

I can't find the above reference but the following might help. (Note libp11 can't provide such a letter.)

http://csrc.nist.gov/cryptval/
http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf
https://csrc.nist.gov/projects/cryptographic-module-validation-program/cmvp-management-manual-and-faqs
https://csrc.nist.gov/Topics/technologies/smart-cards

(Government issued PIV smartcards should qualify.)

--
Douglas E. Engert <DEE...@gm...>