As far as I understand it, FIPS 140-2 requires that you use a FIPS approved RNG for generating keys (if that's what you meant below). This includes ANSI X9.31 and FIPS 186-2, neither of which, of course, is supported by OpenSSL, which has its own PRNG. You might want to look at adding these if the FIPS effort is the direction you're heading. We'd be happy to contribute the routines, I think.

Chris Brook
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dr. Stephen Henson
Sent: Friday, July 02, 2004 6:44 PM
To: [EMAIL PROTECTED]
Subject: Re: Disabling for FIPS mode, take 2

On Fri, Jul 02, 2004, Jack Lloyd wrote:

> On Fri, Jul 02, 2004 at 10:51:52PM +0200, Dr. Stephen Henson wrote:
> > [...]
> > OpenSSL already supports various private key formats which only use FIPS
> > approved algorithms, for example PKCS#8 with PKCS#5 v2.0. That means that one
> > solution is to just change the behaviour of PEM_write_PrivateKey() and friends
> > to call the PKCS#8 variants. The openssl pkcs8 utility can readily convert
> > between the formats.
>
> I can't remember offhand, but doesn't OpenSSL also support RC2 with PKCS #5
> v2.0? In theory you can use any algorithm you want with PKCS #5, as long as you
> assign it an OID. Generally one uses 3DES with SHA-1, in which case you're
> clear (FIPS-wise), but RC2 or DES with MD5 is not uncommon.
>

Yes, it's possible to use just about anything with PKCS#5 v2.0, or more specifically PBES2, provided the symmetric algorithm has an OID and an appropriate AlgorithmIdentifier syntax defined. There are a few cases which have an OID but OpenSSL doesn't support the AlgID, such as RC4, RC5 and the feedback cipher modes. PBES1 will only support a few modes specified by specific OIDs. PBES1 can't generate enough keying material for algorithms with longer keys. It's also possible to use PKCS#12 PBE algorithms with PKCS#8.

> Speaking of which, how does that work, in terms of the FIPS? When reading in,
> say, a DSA key, if it happens to be encrypted with RC2, and you decrypt the
> key, are you not FIPS-140 compliant anymore? Because it seems like if the key
> was unencrypted you could still be FIPS compatible (for level 1, at least).
>

Pass. Another issue is whether FIPS-140 makes any restrictions on which key derivation algorithms can be used. If it does then all bets are off.
> I do think this is a good idea in general. For one thing, PKCS #8 is readable
> by pretty much everything (for some definitions of everything), while OpenSSL's
> PEM-ish format is readable by OpenSSL and ...
>

Well, I do know of a few things that read the traditional PEM encrypted format; PuTTY is one. PKCS#8 is readable by many more applications but I'm not sure how many support PBES2.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
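The point Steve makes about PBES2 (any cipher with an OID can sit in a PKCS#8 EncryptedPrivateKeyInfo, so only the file's own AlgorithmIdentifier tells you whether a key was wrapped with 3DES or with RC2) is easy to check mechanically. Below is an added example, not code from this thread or from OpenSSL: a minimal DER walker that reports the PBE scheme and cipher of an encrypted PKCS#8 blob, exercised on constructed samples; the APPROVED set is an assumption taken from Jack's description (3DES/AES with SHA-1 pass, RC2/DES/MD5 do not), not an authoritative FIPS 140 list.

```python
# Added example, not OpenSSL code: read the AlgorithmIdentifier of a PKCS#8
# EncryptedPrivateKeyInfo and report which PBE scheme and cipher protect the
# key. OIDs follow PKCS#5/PKCS#12; APPROVED is an assumption that mirrors the
# thread (3DES/AES with SHA-1 pass, RC2/DES/MD5 do not), not a FIPS 140 list.
RSADSI = bytes.fromhex("2a864886f70d")                   # 1.2.840.113549 prefix
NAMES = {                                                 # DER OID contents -> name
    RSADSI + b"\x01\x05\x0d": "PBES2",                    # 1.2.840.113549.1.5.13
    RSADSI + b"\x01\x05\x0c": "PBKDF2",                   # 1.2.840.113549.1.5.12
    RSADSI + b"\x01\x05\x03": "pbeWithMD5AndDES-CBC",     # PBES1, .1.5.3
    RSADSI + b"\x01\x0c\x01\x03": "pbeWithSHA1And3-KeyTripleDES-CBC",  # PKCS#12, .1.12.1.3
    RSADSI + b"\x03\x07": "des-ede3-cbc",                 # 1.2.840.113549.3.7
    RSADSI + b"\x03\x02": "rc2-cbc",                      # 1.2.840.113549.3.2
    bytes.fromhex("60864801650304012a"): "aes256-cbc",    # 2.16.840.1.101.3.4.1.42
}
OID = {v: k for k, v in NAMES.items()}                    # name -> DER OID contents
APPROVED = {"des-ede3-cbc", "aes256-cbc", "pbeWithSHA1And3-KeyTripleDES-CBC"}

def tlv(tag, body):                  # DER TLV; short-form length is enough for the samples
    return bytes([tag, len(body)]) + body

def parse(buf):                      # split a DER buffer into (tag, body) pairs
    items, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                 # long-form length, as real key files use
            k = n & 0x7F; n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        items.append((tag, buf[i:i + n])); i += n
    return items

def sample(scheme, cipher=None):
    """Constructed EncryptedPrivateKeyInfo with dummy salt, IV and ciphertext."""
    salt_iter = tlv(0x04, b"\0" * 8) + tlv(0x02, b"\x08\x00")   # salt, 2048 iterations
    if cipher:                       # PBES2-params { PBKDF2 AlgId, cipher AlgId with IV }
        kdf = tlv(0x30, tlv(0x06, OID["PBKDF2"]) + tlv(0x30, salt_iter))
        enc = tlv(0x30, tlv(0x06, OID[cipher]) + tlv(0x04, b"\0" * 8))
        params = tlv(0x30, kdf + enc)
    else:                            # PBES1 / PKCS#12 PBE: salt and count only
        params = tlv(0x30, salt_iter)
    alg = tlv(0x30, tlv(0x06, OID[scheme]) + params)
    return tlv(0x30, alg + tlv(0x04, b"\0" * 16))

def inspect(der):
    """Return the PBE scheme, the cipher it selects and whether that is in APPROVED."""
    name = lambda b: NAMES.get(b, b.hex())
    (_, alg), _ = parse(parse(der)[0][1])        # EncryptedPrivateKeyInfo { AlgId, data }
    (_, scheme), (_, params) = parse(alg)
    info = {"scheme": name(scheme), "cipher": name(scheme)}
    if info["scheme"] == "PBES2":                # any cipher with an OID can appear here
        _, enc = parse(params)[1]
        info["cipher"] = name(parse(enc)[0][1])
    info["approved"] = info["cipher"] in APPROVED
    return info
```

For a real key, pass the DER bytes of the file (base64-decode the PEM body, or write it with `openssl pkcs8 -topk8 -outform DER`) to inspect(); an unknown OID is reported as its hex contents rather than a name.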
