Federal Information Processing Standards (FIPS) are a set of US government security standards.
Questions tagged [fips]
105 questions
4
votes
1 answer
Can my software get FIPS 140-2 certified?
I am starting the early stages of researching the possibility of getting FIPS 140-2 certified, but I have run into some confusion. To start, our software is written in Java and does not actually do any of the encryption/decryption, currently that is…
Sam
- 63
- 5
3
votes
1 answer
Can I enter PINs or passwords into a FIPS140-2 crytographic module in plaintext?
Do passwords (or PINs) used for authentication of operators of a cryptographic module have to be protected (encrypted) when entered into the FIPS140-2 defined cryptographic boundary? Are the requirements for entry of PINs and passwords equivalent…
Drew Lex
- 2,023
- 2
- 19
- 24
2
votes
1 answer
What FIPS 140-2 expects for secret keys passed as arguments of a methods?
I don't get exactly what FIPS 140-2 expects when your method receives secret keys via arguments. For example, in a lot of FIP-compliant libraries such as OpenSSL, we have a method like this:
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const…
Afshin
- 123
- 4
1
vote
1 answer
Is running software in Docker an allowable way to bypass FIPS 140-2 issues?
Someone has a service that uses a FIPS non-compatible hash in a protocol signature. When FIPS 140-2 compatibility is enabled on the hosts the service crashes (due to the hash signature being not allowed by the security configuration of the host). …
anon289837
- 11
- 1
0
votes
1 answer
What does it mean to be FIPS 140-2 compliant?
We have a product that uses Apache HTTPD, Tomcat, and MongoDB. It uses OpenSSL for HTTPS connection and Bouncy Castle library for the encryption of data in the database.
What does it mean to be FIPS 140-2 compliant?
Is it enough to use FIPS 140-2…
Michael
- 1,479
- 1
- 18
- 37
-1
votes
1 answer
What is the open source equivalent to a FIPS 140-2 certification
What is the open source equivalent to FIPS 140-2?. There are businesses that use it when doing business with government. Since a lot of us wont be doing business with the government, is there a similar standard open to the rest of us that can give…
Gandalf
- 107
- 5