Rephrasing the question

Werner Koch wk at
Fri Jan 5 12:26:37 CET 2007

On Thu,  4 Jan 2007 21:51, rjh at said:

> in FIPS 140-2 (in which case, yes, it does implement many of them).  The
> speaker might be asking whether GnuPG has passed a formal NIST-approved
> certification process, in which case to my knowledge it hasn't.

To my knowledge, no FIPS140-2 (or CC) evaluation for GnuPG has been
done.  Though I know a little bit of CC evaluation, I don't know the
rules for such a evaluation to Security Level 1 of FIPS140-2.

In general such an evaluations are pretty expensive as a lot woodware
has to be produced.



More information about the Gnupg-users mailing list