FIPS140-2
Wilson, William O
William.Wilson at unisys.com
Thu Jul 12 21:11:01 UTC 2012
Greetings,
We have a need for a FIPS140-2 compliant FreeBSD kernel plus keymanager.
Has anyone done this before?
My (naïve?) approach is to replace the crypto-dev driver with an openssl fipscanister based crypto driver, use a second application layer openssl fipscanister for the key manager crypto and remove all non-fips crypto from the kernel.
Unsure if FIPs allows two copies of fipscanister.
Design is always easier when one is ignorant.
regards
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
More information about the freebsd-security
mailing list