I am new to this group and trying to understand NIST's policies. I need to implement security on both a PC and a Win CE device for a project I am working on. For the Win CE side, will use the RSAENH DLL and for the Windows side, I was hoping to use Cryptopp in DLL mode to maintain FIPS 140-2 compliance. One portion of the security I need to implement involves signing files which will be passed between the PC and the device running Win CE, but after reviewing the Cryptopp source code, docs and the NIST CSRC web site, I am confused. I am hoping somebody here can help understand this better.
>From http://csrc.nist.gov/CryptoToolkit/tkdigsigs.html there are only 3 approved functions to generate a digital signature. The caveat appears to be that the method chosen must use an approved hash code function, as listed on http://csrc.nist.gov/CryptoToolkit/tkhash.html When I cross reference the approved hash code functions with the hash code functions used by Cryptopp, there is no match. So does this mean that the digital signatures in Cryptopp are no not FIPS approved? If so, could I make the signature myself by creating a hash code of the file via an approved method like SHA-256 and then using RSA to encrypt that hash code to create a signature? Can somebody shed some light on this for me or point me in the right direction with some links? Thanks, --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [EMAIL PROTECTED] More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
