David Stutzman wrote:
Is RSA key generation via NSS FIPS approved?
I was looking into FIPS-approved RSA and DSA capabilities of NSS. It
seems everything is covered just fine for DSA. The certificate appears
to cover private and public keygen, signature generation and
verification and hashing. The RSA certificate lists signature
generation/verification and hashing but I don't see anything mentioning
key generation. It would seem stupid to me for keygen to not be
included in a full approved NSS release so I'm probably overlooking
something. I just wanted that warm and fuzzy.
Sources:
http://wiki.mozilla.org/FIPS_Validation#Algorithms
http://csrc.nist.gov/cryptval/dss/rsaval.html#152
http://csrc.nist.gov/cryptval/dss/dsaval.htm#172
Hi Dave,
RSA key generation in NSS isn't FIPS validated because the Cryptographic
Module Validation Program only tests RSA key generation of the RSA as
specified in ANSI X9.31 and NSS only implements the RSA as specified in
PKCS #1 v2.1 (the flavor known as RSASSA-PKCS1_V1_5). You can verify
this by searching for "Key(gen)" in the RSA Validation List:
http://csrc.nist.gov/cryptval/dss/rsaval.html
and confirm that it always occurs with ALG[ANSIX9.31].
When we worked on the FIPS algorithm validations for NSS, we attempted
and passed every test that is applicable to the NSS crypto module.
If there were a PKCS #1 RSA key generation test, we would have
definitely attempted it.
We are working towards implementing X9.31 RSA key generation. We
did some work in NSS 3.11 to enable NSS to use other crypto modules
that support X9.31 RSA key pair generation:
https://bugzilla.mozilla.org/show_bug.cgi?id=302219
and we plan to implement that in NSS, too:
https://bugzilla.mozilla.org/show_bug.cgi?id=181570
I remember Draft FIPS 186-3 will require X9.31 RSA key generation.
In FIPS 186-2, it's not required.
Wan-Teh
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
