Fips compliance

Hideki Saito hidekis at gmail.com
Wed Sep 1 11:23:35 CEST 2010


>
>    Am newbie to gpg encryption. My question is
>
> Is gpg FIPS compliance.
>
>  A quick search reveals its not.
>
> http://lists.gnupg.org/pipermail/gnupg-users/2007-January/030159.html
>
> Where as in this link its states that libgcrypt is FIPS complaint and its
> need to be put in that mode explicitly.
>
> http://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html
>
>
> Since  libgcrypt library is being used by gpg tool.  can we say that gpg
> is  fips complaint.
>
>
>

As far as I know, FIPS requirements are quite specific. Library may have
been implemented and complaints to FIPS requirement -- but all components
would need to be complaints to FIPS to be able to call it FIPS complaint.
(and I don't have answer for that...)
If your question is if GnuPG is FIPS *certified* then answer is probably no,
unless someone has submitted some particular version of GnuPG for
certification and passed it.

Hideki Saito <hidekis at gmail.com>
Buzz: hidekis at gmail.com
Wave: hidekis at googlewave.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20100901/960e34d3/attachment.htm>


More information about the Gnupg-users mailing list