skm_mail at yahoo.com
Fri Sep 3 12:04:18 CEST 2010
So can I consider the GnuPG tool to be non FIPS complaint even though the underlying library is fips complaint.
--- On Wed, 9/1/10, Hideki Saito <hidekis at gmail.com> wrote:
From: Hideki Saito <hidekis at gmail.com>
Subject: Re: Fips compliance
To: "khaja mohideen" <skm_mail at yahoo.com>
Cc: gnupg-users at gnupg.org
Date: Wednesday, September 1, 2010, 2:23 AM
Am newbie to gpg encryption. My question is
Is gpg FIPS compliance.
A quick search reveals its not.
Where as in this link its states that libgcrypt is FIPS complaint and its need to be put in that mode explicitly.
Since libgcrypt library is being used by gpg tool. can we say that gpg is fips complaint.
As far as I know, FIPS requirements are quite specific. Library may have been implemented and complaints to FIPS requirement -- but all components would need to be complaints to FIPS to be able to call it FIPS complaint. (and I don't have answer for that...)
If your question is if GnuPG is FIPS *certified* then answer is probably no, unless someone has submitted some particular version of GnuPG for certification and passed it.
Hideki Saito <hidekis at gmail.com>
Buzz: hidekis at gmail.com
Wave: hidekis at googlewave.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users