
Which JCE providers are FIPS 140-2 compliant?

What Java Cryptography Extension (JCE) providers are FIPS 140-2 compliant? More specifically, does the Sun/Oracle provider qualify?

Rob H asked Feb 18 '11 20:02



2 Answers

According to this information on this page:

  1. IBM and RSA have FIPS 140-2 validated JCE providers.
  2. BouncyCastle have FIPS 140-2 validated JCE providers for Java 7 & 8. (See The Legion of the Bouncy Castle - FIPS Resources Page. Donations are encouraged!)
  3. Sun's JCE providers are not on the list of FIPS 140-2 validated modules.

However, Oracle do have a validated module called "Oracle Cryptographic Libraries for SSL". The description does not say this is a JCE provider ... but it might be.

Also, Oracle don't appear to have any "modules in progress" for FIPS 140-2 validation.

Stephen C answered Sep 19 '22 06:09


According to this page, Java 6 can be made FIPS 140 compliant via either NSS or SunJSSE.

Curtis P answered Sep 22 '22 06:09