Fips compliance

khaja mohideen skm_mail at yahoo.com
Fri Sep 3 12:06:05 CEST 2010


Hi,
    Thank you  Hideki for your response.
 
   Yes.  I
 am  talking about the  gpg which is the main program of GnuPG System.  
And a tool used for encryption and signing.


    So  Can i consider gnupg tool to be non fips complaint even though the underlying library is fips complaint.

Regards,
Khaja Mohideen




Regards,
Khaja 
Mohideen

--- On Wed, 9/1/10, Hideki Saito <hidekis at gmail.com> wrote:

From: Hideki Saito <hidekis at gmail.com>
Subject: Re: Fips compliance
To: "khaja mohideen" <skm_mail at yahoo.com>
Cc: gnupg-users at gnupg.org
Date: Wednesday, September 1, 2010, 2:23 AM




   Am newbie to gpg encryption. My question is 

Is gpg FIPS compliance. 

 A quick search reveals its not.

http://lists.gnupg.org/pipermail/gnupg-users/2007-January/030159.html





Where as in this link its states that libgcrypt is FIPS complaint and its need to be put in that mode explicitly.


http://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html



Since  libgcrypt library is being used by gpg tool.  can we say that gpg is  fips complaint.




As far as I know, FIPS requirements are quite specific. Library may have been implemented and complaints to FIPS requirement -- but all components would need to be complaints to FIPS to be able to call it FIPS complaint. (and I don't have answer for that...)

If your question is if GnuPG is FIPS *certified* then answer is probably no, unless someone has submitted some particular version of GnuPG for certification and passed it.
Hideki Saito <hidekis at gmail.com>


Buzz: hidekis at gmail.com
Wave: hidekis at googlewave.com 




      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20100903/82fced4f/attachment.htm>


More information about the Gnupg-users mailing list