From the FIPS 140-2 standard:

Security Level 2 enhances the physical security mechanisms of a Security Level 1 cryptographic module by adding the requirement for tamper-evidence, which includes the use of tamper-evident coatings or seals or for pick-resistant locks on removable covers or doors of the module. Tamper-evident coatings or seals are placed on a cryptographic module so that the coating or seal must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module. Tamper-evident seals or pick-resistant locks are placed on covers or doors to protect against unauthorized physical access.

Security Level 2 requires, at a minimum, role-based authentication in which a cryptographic module authenticates the authorization of an operator to assume a specific role and perform a corresponding set of services.

Security Level 2 allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an operating system that

* meets the functional requirements specified in the Common Criteria (CC) Protection Profiles (PPs) listed in Annex B and
* is evaluated at the CC evaluation assurance level EAL2 (or higher).

An equivalent evaluated trusted operating system may be used. A trusted operating system provides a level of trust so that cryptographic modules executing on general purpose computing platforms are comparable to cryptographic modules implemented using dedicated hardware systems.

I don't think you will find openssl software on its own ever being able to meet these requirements. You must wrap it within a system that provides them.

Bill

________________________________
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Sibasis Panigrahi
Sent: April 17, 2009 9:01 AM
To: openssl-users@openssl.org; openssl-annou...@openssl.org
Subject: Query regarding FIPS 140-2 level 2 support

Hi Guys,

We have a requirement for making our product FIPS 140-2 level 2 compliant. From the internet I found out that OpenSSL 0.9.8 is FIPS 140-2 level 1 compliant. So I just wanted to check whether any version of the OpenSSL library is supporting FIPS 140-2 level 2 or it's on the roadmap.

Looking forward to your response. Thanks in advance.

- Sibasis