Hello, Ahern, William wrote: > When libgcrypt is in FIPS mode GnuPG g10/keygen.c:keygen_set_std_prefs > fails entirely in the absence of an explicit preference list, > resulting in the symmetric cipher preference list and similar > subpackets being omitted from the generated public key.
Well, I'd suggest posting this question to gnupg-devel. This is not a problem of libgcrypt. In my opinion... this use case is not (yet) supported by GnuPG. With libgcrypt API of 1.12, a program can use the libgcrypt under FIPS mode in non-rejecting way, so that crypt computations can be done in non-approved ways. Possibly, GnuPG could be run using this feature. Or, we need to modify GnuPG so that it can run under FIPS mode. -- _______________________________________________ Gcrypt-devel mailing list Gcrypt-devel@gnupg.org https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
