Rephrasing the question

Robert J. Hansen rjh at sixdemonbag.org
Thu Jan 4 21:51:16 CET 2007


This may not be a useful answer, but it will be an accurate one.  :(

> "The VA requires that all encryption MUST be FIPS140-2 compliant.   Do
> you know if this program is?"

This question cannot be answered.  What does it mean to be 'compliant'?
 The speaker might be asking whether it implements algorithms specified
in FIPS 140-2 (in which case, yes, it does implement many of them).  The
speaker might be asking whether GnuPG has passed a formal NIST-approved
certification process, in which case to my knowledge it hasn't.

Once you can figure out from the speaker precisely what they mean by
'FIPS 140-2 compliant', then we can give you a concrete response.  But
for right now, I'm afraid I'm drawing a blank.  Maybe someone else can
cast some more light on it.





More information about the Gnupg-users mailing list