Fips compliance

khaja mohideen skm_mail at
Fri Sep 3 12:04:18 CEST 2010

Hi All,

   So can I consider the GnuPG tool to be  non FIPS complaint even though the underlying library is fips complaint.

Khaja Mohideen

--- On Wed, 9/1/10, Hideki Saito <hidekis at> wrote:

From: Hideki Saito <hidekis at>
Subject: Re: Fips compliance
To: "khaja mohideen" <skm_mail at>
Cc: gnupg-users at
Date: Wednesday, September 1, 2010, 2:23 AM

   Am newbie to gpg encryption. My question is 

Is gpg FIPS compliance. 

 A quick search reveals its not.

Where as in this link its states that libgcrypt is FIPS complaint and its need to be put in that mode explicitly.

Since  libgcrypt library is being used by gpg tool.  can we say that gpg is  fips complaint.

As far as I know, FIPS requirements are quite specific. Library may have been implemented and complaints to FIPS requirement -- but all components would need to be complaints to FIPS to be able to call it FIPS complaint. (and I don't have answer for that...)

If your question is if GnuPG is FIPS *certified* then answer is probably no, unless someone has submitted some particular version of GnuPG for certification and passed it.
Hideki Saito <hidekis at>

Buzz: hidekis at
Wave: hidekis at 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20100903/c0b9b366/attachment-0001.htm>

More information about the Gnupg-users mailing list