Hello. I am part of a team creating a communications process by which hospitals would submit files periodically to a government organization in the United States. We were contemplating using GPG as part of this process. A few days ago, one of the hospitals involved stated "The VA requires that all encryption MUST be FIPS140-2 compliant. Do you know if this program is?"

Well, not only do I not know, I'm not entirely sure how to tell. I asked about this yesterday, but somewhat sketchily. Allow me to elaborate a bit.

On the one hand it appears to me that GPG implements algorithms listed here: http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf as regards encryption, hashing, and authentication.

But on the other hand GPG itself does not seem to be listed here: http://csrc.nist.gov/cryptval/140-1/1401val2003.htm#329 I'm not sure whether it even makes sense to think that it /could/ be on that list.

I know this is all very basic stuff but I'm looking for a little guidance here. In searching the archives (yes, got that part) I can find only a few oblique references to FIPS.

--Stan Rydzewski
