2

I don't get exactly what FIPS 140-2 expects when your method receives secret keys via arguments. For example, in a lot of FIP-compliant libraries such as OpenSSL, we have a method like this:

int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
                       ENGINE *impl, const unsigned char *key, const unsigned char *iv)

which starts symmetric cryptography operation. This method takes plain key as an argument. How does getting plain keys in the method interface satisfy the requirements of FIPS 140-2? Because I thought for FIPS 140-2, we need to have a secure method for importing secret/private keys inside the FIPS module.

Any idea?

kenlukas
  • 1,961
  • 1
  • 9
  • 21
Afshin
  • 123
  • 4

1 Answers1

2

Per Certificate #4282 OpenSSL is only 140-2 Level 1 compliant. This does not include any measures to protect plain text cryptographic key material. Even if OpenSSL only accepted secure key imports, when it is run on a random PC this could be circumvented in a way that Level 2 would otherwise cover and would be still rated to Level 1. So there is no need for such an interface.

foreverska
  • 2,057
  • 2
  • 11