Re: PKCS12 APIs with fips 3.0

[Jakob Bohm via openssl-users <openssl-users@xxxxxxxxxxx>]

If that is a hypothetical context, what context is the official design 
goal of the OpenSSL Foundation for their validation effort?

On 2021-01-28 11:26, Tomas Mraz wrote:
> This is a purely hypothetical context. Besides, as I said below - the
> PKCS12KDF should not be used with modern PKCS12 files. Because it can
> be used only with obsolete encryption algorithms anyway - the best one
> being 3DES for the encryption and SHA1 for the KDF.
>
> Tomas
>
> On Thu, 2021-01-28 at 11:08 +0100, Jakob Bohm via openssl-users wrote:
> > If the context does not limit the use of higher level compositions,
> > then
> > OpenSSL 3.0 provides no way to satisfy the usual requirement that a
> > product can be set into "FIPS mode" and not invoke the non-validated
> > lower level algorithms in the "default" provider.
> >
> > The usual context is to "sell" (give) products to the US Government
> > or
> > its contractors that have a "FIPS" box-checking procurement
> > requirement.
> >
> > On 2021-01-28 10:46, Tomas Mraz wrote:
> > > There is unfortunately no simple straightforward answer to this
> > > question. It really depends on the context.
> > >
> > > Anyway OpenSSL 3.0 gives you all the flexibility needed.
> > >
> > > Tomas
> > >
> > > On Thu, 2021-01-28 at 10:24 +0100, Jakob Bohm via openssl-users
> > > wrote:
> > > > Does FIPS 140 or the related legal requirements limit the use of
> > > > higher
> > > > level compositions such as PKCS12KDF, when using only validated
> > > > cryptography for the underlying operations?
> > > >
> > > > On 2021-01-28 09:36, Tomas Mraz wrote:
> > > > > I do not get how you came to this conclusion. The "true" FIPS
> > > > > mode
> > > > > can
> > > > > be easily achieved with OpenSSL 3.0 - either by loading just
> > > > > the
> > > > > fips
> > > > > and base provider, or by loading both default and fips
> > > > > providers
> > > > > but
> > > > > using the "fips=yes" default property (without the "?").
> > > > >
> > > > > The PKCS12KDF does not work because it is not an FIPS approved
> > > > > KDF
> > > > > algorithm so it cannot really work in the "true" FIPS mode. But
> > > > > IMO
> > > > > this does not mean that PKCS12 keys do not work at all - if you
> > > > > use
> > > > > right (more modern) algoritm based on PBKDF2 to do the password
> > > > > based
> > > > > key derivation, they should work.
> > > > >
> > > > > That in 1.0.x the PKCS12 worked with the FIPS module with
> > > > > legacy
> > > > > algorithms it only shows that the "true" FIPS mode was not as
> > > > > "true" as
> > > > > you might think. There were some crypto algorithms like the
> > > > > KDFs
> > > > > outside of the FIPS module boundary.
> > > > >
> > > > > Tomas Mraz



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded