FIPS Certification
Simon Josefsson
simon at josefsson.org
Tue Nov 17 11:58:45 CET 2009
Simon Josefsson <simon at josefsson.org> writes:
> "Hoyt, David" <hoyt6 at llnl.gov> writes:
>
>> Is or will there be an effort to become FIPS certified? If so, is
>> there a schedule laid out for the process? Is there a webpage I can
>> look at to keep myself up-to-date on the certification process?
>
> All the crypto in GnuTLS normally happens in libgcrypt, and I recall
> seeing libgcrypt mentioned on the list of projects underway of becoming
> FIPS-certified some time ago.
Looking again, I see that AES/3DES/SHA1/SHA2/RSA/DSA/RNG in libgcrypt
have been FIPS certified. Follow links from:
http://csrc.nist.gov/groups/STM/cavp/validation.html
Still, older TLS does not use standard RSA PKCS#1 so you have to make
sure GnuTLS is really using the right crypto bits from libgcrypt.
/Simon
More information about the Gnutls-help
mailing list