Triple-DES is listed in the OpenSSL 1.2 security policy and is listed as approved by NIST, so why would it not be available?
Carl

On Wed 11/03/09 12:01 PM, Kyle Hamilton aerow...@gmail.com sent:

Your key's digest is set to md5. This is disallowed in FIPS mode.
Also, 3DES is not allowed in FIPS mode, either.

-Kyle H

On Tue, Mar 10, 2009 at 3:22 PM, Davin Chan wrote:
> I am trying to get mutt to use a FIPS validated OpenSSL to send/receive encrypted emails. When
> I don't set the environment variable OPENSSL_FIPS=1, everything works fine.
>
> When I try the same command to decrypt an email with OPENSSL_FIPS set, it fails with:
>
> env OPENSSL_FIPS=1 openssl smime -decrypt -passin stdin -inform DER -in %f -inkey %k -recip %c
>
> unable to load signing key file
> 11851:error:06080090:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:292:
> 11851:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:
> 11851:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:428:
>
> And when I try to look at my private key with FIPS enabled, it fails with:
>
> env OPENSSL_FIPS=1 openssl rsa -in -text
> Enter pass phrase for :
> unable to load Private Key
> 12050:error:06080090:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:292:
> 12050:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:
> 12050:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:428:
>
> So it looks like it doesn't like the encryption on my private key. The default encryption on my key should be
> triple DES, but I've also tried to change the encryption on my key to aes256, but it still fails with the same
> message. How do I get my private key into a format acceptable to FIPS? Or is there something else that I'm
> missing?
>
> Davin
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
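
The traces quoted above fail in PEM_do_header at EVP_DigestInit_ex, and the same error is reported after the key was re-encrypted with aes256. In OpenSSL's traditional PEM encryption (the Proc-Type/DEK-Info headers) the key is derived from the passphrase with MD5 whichever cipher DEK-Info names. The sketch below is an added example, not part of the original thread: it classifies a key file on that basis, the sample keys are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample keys: bodies are placeholders, only the headers are parsed.
LEGACY_3DES = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

c2FtcGxlIGJvZHkgb25seQ==
-----END RSA PRIVATE KEY-----
"""
LEGACY_AES = LEGACY_3DES.replace("DES-EDE3-CBC,0123456789ABCDEF",
                                 "AES-256-CBC," + "0123456789ABCDEF" * 2)
PKCS8_ENC = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nc2FtcGxl\n"
             "-----END ENCRYPTED PRIVATE KEY-----\n")
PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nc2FtcGxl\n-----END RSA PRIVATE KEY-----\n"


def classify_pem_key(pem_text):
    """Return (container, cipher, kdf) describing how a PEM private key is protected."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.group(1), m.group(2)
    if label == "ENCRYPTED PRIVATE KEY":
        # PKCS#8: cipher and KDF live inside the DER structure, not in text headers.
        return ("pkcs8", None, "in-asn1")
    if label == "PRIVATE KEY":
        return ("pkcs8", None, None)
    headers = {}
    for line in body.splitlines():
        if ":" not in line:
            break  # blank line or base64 data ends the header section
        key, value = line.split(":", 1)
        headers[key.strip()] = value.strip()
    if headers.get("Proc-Type") == "4,ENCRYPTED" and "DEK-Info" in headers:
        cipher = headers["DEK-Info"].split(",", 1)[0]
        # Traditional PEM encryption: MD5-based key derivation for any cipher.
        return ("traditional", cipher, "md5")
    return ("traditional", None, None)


def needs_md5(pem_text):
    """True when loading the key requires MD5, which the trace shows is disabled."""
    return classify_pem_key(pem_text)[2] == "md5"
```
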