Rephrasing the question

Stan Rydzewski srydzews at
Thu Jan 4 21:39:31 CET 2007

Hello. I am part of a team creating a communcations process by which
hospitals would submit files periodically to a government organization
in the United States.  We were contemplating using GPG as part of this
process.  A few days ago, one of the hospitals involved stated

"The VA requires that all encryption MUST be FIPS140-2 compliant.   Do
you know if this program is?"

Well not only do I not know, I'm not entirely sure how to tell.  I
asked about this yesterday, but somewhat sketchily.  Allow me to
elaborate a bit.  On the one hand it appears to me that GPG implements
algorithms listed here:

as regards encryption, hashing, and authentication. But on the other
hand GPG itself does not seem to be listed here:

I'm not sure whether it even makes sense to think that it /could/ be
on that list.

I know this is all very basic stuff but I'm looking for a little
guidance here.  In searching the archives (yes, got that part) I can
find only a few oblique references to FIPS.

--Stan Rydzewski

More information about the Gnupg-users mailing list