Fips compliance
khaja mohideen
skm_mail at yahoo.com
Fri Sep 3 12:06:05 CEST 2010
Hi,
Thank you Hideki for your response.
Yes. I
am talking about the gpg which is the main program of GnuPG System.
And a tool used for encryption and signing.
So Can i consider gnupg tool to be non fips complaint even though the underlying library is fips complaint.
Regards,
Khaja Mohideen
Regards,
Khaja
Mohideen
--- On Wed, 9/1/10, Hideki Saito <hidekis at gmail.com> wrote:
From: Hideki Saito <hidekis at gmail.com>
Subject: Re: Fips compliance
To: "khaja mohideen" <skm_mail at yahoo.com>
Cc: gnupg-users at gnupg.org
Date: Wednesday, September 1, 2010, 2:23 AM
Am newbie to gpg encryption. My question is
Is gpg FIPS compliance.
A quick search reveals its not.
http://lists.gnupg.org/pipermail/gnupg-users/2007-January/030159.html
Where as in this link its states that libgcrypt is FIPS complaint and its need to be put in that mode explicitly.
http://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html
Since libgcrypt library is being used by gpg tool. can we say that gpg is fips complaint.
As far as I know, FIPS requirements are quite specific. Library may have been implemented and complaints to FIPS requirement -- but all components would need to be complaints to FIPS to be able to call it FIPS complaint. (and I don't have answer for that...)
If your question is if GnuPG is FIPS *certified* then answer is probably no, unless someone has submitted some particular version of GnuPG for certification and passed it.
Hideki Saito <hidekis at gmail.com>
Buzz: hidekis at gmail.com
Wave: hidekis at googlewave.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20100903/82fced4f/attachment.htm>
More information about the Gnupg-users
mailing list