We may need to encrypt some of the data in our software to meet healthcare privacy ("HIPAA") rules which simply defer to the NIST guidelines. But it's really unclear what (if any) libraries for encryption meet NIST standards.
Are there any .js or php libraries approved by the NIST?
(And, yes, I've emailed them but I'm not holding my breath).
NIST provides a list of validated libraries.
OpenSSL is FIPS 140-2 validated, and both PHP and Node.js provide OpenSSL bindings.
Obviously, you only have OpenSSL on the server. Don't do crypto in the browser. Do transmit data between the browser and server over SSL and do necessary crypto on the server.
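A server-side illustration of the approach in the answer above, using Node.js's OpenSSL-backed `crypto` module; this is an added example, not code from the original answer. The function names `fipsEnabled`, `encryptRecord` and `decryptRecord`, the choice of AES-256-GCM, and the sample record are assumptions made for the example.

```javascript
// Added example: server-side encryption through Node's OpenSSL binding.
const crypto = require('crypto');

// True only when the OpenSSL build behind this process is running in FIPS mode.
function fipsEnabled() {
  return crypto.getFips() === 1;
}

// Encrypts one record with AES-256-GCM. `aad` binds the ciphertext to its
// context (for example a record id), so it cannot be replayed onto another row.
function encryptRecord(key, plaintext, aad) {
  if (!Buffer.isBuffer(key) || key.length !== 32) {
    throw new Error('key must be a 32-byte Buffer');
  }
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypts a record; throws if the ciphertext, tag or aad does not match.
function decryptRecord(key, rec, aad) {
  const iv = Buffer.from(rec.iv, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(aad, 'utf8'));
  decipher.setAuthTag(Buffer.from(rec.tag, 'base64'));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(rec.ct, 'base64')),
    decipher.final(), // authentication is verified here
  ]);
  return pt.toString('utf8');
}

// Constructed sample data; the key is generated inline only for the demo.
const demoKey = crypto.randomBytes(32);
const demoRec = encryptRecord(demoKey, 'constructed sample note', 'record:1');
console.log('FIPS mode:', fipsEnabled());
console.log('round trip:', decryptRecord(demoKey, demoRec, 'record:1'));
```

`fipsEnabled()` returns false on a stock Node build; it only returns true when Node is linked against a FIPS-capable OpenSSL and FIPS mode has been turned on.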