我将着手对我的软件模块进行国际会计准则第140-2认证。 我研究了相关材料,但我仍然不清楚有一件事情:。 是否需要写一下我自己执行已核准的算法,并首先从国家清单中得到核准?
I am confused because; in Fips validation module list, most of the companies have their own validated algorithms in their fips validated module which gives me impression that one has to get the validation of his own algorithm implementation first and then use it in to be validated crypto module. Is this right?
希望得到任何帮助。
国际房联认证实验室在计算算法产生时只提供符合国际房联第140-2标准的执行。 如果执行符合规定,那么你就获得证书。
例如,如果看,请看看许多人使用开放式特别安全设备执行。 硬件安装可能使用供应商的加密核心,而不是每个组织在硬件中重新实施AES。
What you do have to do though is make the third-party implementation conform to the FIPS 140-2 standard. So you may have to write power-on self tests and continuous self tests and so on. You may even have to fix bugs in the implementation to make it pass the certification tests. For example, OpenSSL s RSA implementation up to 0.9.7j/0.9.8b (from 2006) is vulnerable to the Bleichenbacher RSA forgery attack, so if you were using that old RSA implementation, you d have to fix it.
很显然,你的第三方执行不必事先得到科索沃警察部队的认证。 你的认证实验室将作为执行工作的一部分加以测试,然后予以认证。
Have to test a c# application from client that is to work on a machine that has FIPS enbaled
I have been working on making our .NET application FIPS compliant, and have found that the Managed Cryptography classes (such as AESManaged) are not FIPS compliant. I have read several other articles ...
I want to disalbe fips in asp .net x64 application. In web.config I added <runtime> <enforceFIPSPolicy enabled = "false"> </runtime> I set debug to false. However my ...
The issue is if you enforce FIPS validated cryptography in the Windows security policy settings, an exception will be thrown because RADIUS protocol uses the MD5 algorithm to hash the request ...
We have a few sections of our application that are using AJAX.NET 5.7.25.1. Our server administrators have enabled FIPS and we are running into the following error: This implementation is not part ...
I need to understand how to make an ASP.NET web application FIPS compliant. To keep it simple, I created a new web application within VS 2008. I have FIPS enabled on my development machine, as the ...
We have a .NET 2.0 application that uses the RijindaelManaged class to encrypt some sensitive data. This was fine until we ran into some machines that require the use of FIPS-compliant algorithms. We ...
My concern is that cryptographic keys and secrets that are managed by the garbage collector may be copied and moved around in memory without zeroization. As a possible solution, is it enough to: ...
