Rephrasing the question
Stan Rydzewski
srydzews at gmail.com
Thu Jan 4 21:39:31 CET 2007
Hello. I am part of a team creating a communcations process by which
hospitals would submit files periodically to a government organization
in the United States. We were contemplating using GPG as part of this
process. A few days ago, one of the hospitals involved stated
"The VA requires that all encryption MUST be FIPS140-2 compliant. Do
you know if this program is?"
Well not only do I not know, I'm not entirely sure how to tell. I
asked about this yesterday, but somewhat sketchily. Allow me to
elaborate a bit. On the one hand it appears to me that GPG implements
algorithms listed here:
http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf
as regards encryption, hashing, and authentication. But on the other
hand GPG itself does not seem to be listed here:
http://csrc.nist.gov/cryptval/140-1/1401val2003.htm#329
I'm not sure whether it even makes sense to think that it /could/ be
on that list.
I know this is all very basic stuff but I'm looking for a little
guidance here. In searching the archives (yes, got that part) I can
find only a few oblique references to FIPS.
--Stan Rydzewski
More information about the Gnupg-users
mailing list