BODY { font-family:Arial, Helvetica, sans-serif;font-size:12px; } 
 Triple-DES is listed in the OpenSSL 1.2 security policy and is
listed as approved by NIST, so why would it not be available? 

        Carl
 On Wed 11/03/09 12:01 PM , Kyle Hamilton aerow...@gmail.com sent:
  Your key's digest is set to md5. This is disallowed in FIPS mode.
 Also, 3DES is not allowed in FIPS mode, either.
 -Kyle H
 On Tue, Mar 10, 2009 at 3:22 PM, Davin Chan  wrote:
 > I am trying to to get mutt to use a FIPS validated OpenSSL to
send/receive encrypted emails.  When
 > I don't set the environment variable OPENSSL_FIPS=1, everything
works fine.
 >
 > When I try the same command to decrypt an email with OPENSSL_FIPS
set, it fails with:
 >
 > env OPENSSL_FIPS=1 openssl smime -decrypt  -passin stdin -inform
DER -in %f -inkey %k -recip %c
 >
 > unable to load signing key file
 > 11851:error:06080090:digital envelope
routines:EVP_DigestInit_ex:disabled for fips:digest.c:292:
 > 11851:error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:
 > 11851:error:0906A065:PEM routines:PEM_do_header:bad
decrypt:pem_lib.c:428:
 >
 > And when I try to look at my private key with FIPS enabled, it
fails with:
 >
 > env OPENSSL_FIPS=1 openssl rsa -in -text
 > Enter pass phrase for :
 > unable to load Private Key
 > 12050:error:06080090:digital envelope
routines:EVP_DigestInit_ex:disabled for fips:digest.c:292:
 > 12050:error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:330:
 > 12050:error:0906A065:PEM routines:PEM_do_header:bad
decrypt:pem_lib.c:428:
 >
 > So it looks like it doesn't like the encryption on my private key.
 The default encryption on my key should be
 > triple DES, but I've also tried to change the encryption on my key
to aes256, but it still fails with the same
 > message.  How do I get my private key into a format acceptable to
FIPS?  Or is there something else that I'm
 > missing?
 >
 > Davin
 >
______________________________________________________________________
 > OpenSSL Project                                
http://www.openssl.org [2]
 > User Support Mailing List                   
openssl-users@openssl.org [3]
 > Automated List Manager                          
majord...@openssl.org [4]
 >

______________________________________________________________________
 OpenSSL Project http://www.openssl.org [5]
 User Support Mailing List openssl-users@openssl.org [6]
 Automated List Manager majord...@openssl.org [7]


Links:
------
[1] mailto:dsc...@nas.nasa.gov
[2]
http://webmail.keycomm.co.uk/parse.php?redirect=http%3A%2F%2Fwww.openssl.org
[3] mailto:openssl-users@openssl.org
[4] mailto:majord...@openssl.org
[5] http://www.openssl.org
[6] mailto:openssl-users@openssl.org
[7] mailto:majord...@openssl.org

Reply via email to