Fips compliance
khaja mohideen
skm_mail at yahoo.com
Fri Sep 3 12:04:18 CEST 2010
Hi All,
So can I consider the GnuPG tool to be non FIPS complaint even though the underlying library is fips complaint.
Regards,
Khaja Mohideen
--- On Wed, 9/1/10, Hideki Saito <hidekis at gmail.com> wrote:
From: Hideki Saito <hidekis at gmail.com>
Subject: Re: Fips compliance
To: "khaja mohideen" <skm_mail at yahoo.com>
Cc: gnupg-users at gnupg.org
Date: Wednesday, September 1, 2010, 2:23 AM
Am newbie to gpg encryption. My question is
Is gpg FIPS compliance.
A quick search reveals its not.
http://lists.gnupg.org/pipermail/gnupg-users/2007-January/030159.html
Where as in this link its states that libgcrypt is FIPS complaint and its need to be put in that mode explicitly.
http://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html
Since libgcrypt library is being used by gpg tool. can we say that gpg is fips complaint.
As far as I know, FIPS requirements are quite specific. Library may have been implemented and complaints to FIPS requirement -- but all components would need to be complaints to FIPS to be able to call it FIPS complaint. (and I don't have answer for that...)
If your question is if GnuPG is FIPS *certified* then answer is probably no, unless someone has submitted some particular version of GnuPG for certification and passed it.
Hideki Saito <hidekis at gmail.com>
Buzz: hidekis at gmail.com
Wave: hidekis at googlewave.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20100903/c0b9b366/attachment-0001.htm>
More information about the Gnupg-users
mailing list