Rephrasing the question
wk at gnupg.org
Fri Jan 5 12:26:37 CET 2007
On Thu, 4 Jan 2007 21:51, rjh at sixdemonbag.org said:
> in FIPS 140-2 (in which case, yes, it does implement many of them). The
> speaker might be asking whether GnuPG has passed a formal NIST-approved
> certification process, in which case to my knowledge it hasn't.
To my knowledge, no FIPS140-2 (or CC) evaluation for GnuPG has been
done. Though I know a little bit of CC evaluation, I don't know the
rules for such a evaluation to Security Level 1 of FIPS140-2.
In general such an evaluations are pretty expensive as a lot woodware
has to be produced.
More information about the Gnupg-users