PKCS12 APIs with fips 3.0

Tomas Mraz tm at t8m.info
Thu Jan 28 10:26:10 UTC 2021 

This is a purely hypothetical context. Besides, as I said below - the
PKCS12KDF should not be used with modern PKCS12 files. Because it can
be used only with obsolete encryption algorithms anyway - the best one
being 3DES for the encryption and SHA1 for the KDF.

Tomas

On Thu, 2021-01-28 at 11:08 +0100, Jakob Bohm via openssl-users wrote:
> If the context does not limit the use of higher level compositions,
> then
> OpenSSL 3.0 provides no way to satisfy the usual requirement that a
> product can be set into "FIPS mode" and not invoke the non-validated
> lower level algorithms in the "default" provider.
> 
> The usual context is to "sell" (give) products to the US Government
> or
> its contractors that have a "FIPS" box-checking procurement
> requirement.
> 
> On 2021-01-28 10:46, Tomas Mraz wrote:
> > There is unfortunately no simple straightforward answer to this
> > question. It really depends on the context.
> > 
> > Anyway OpenSSL 3.0 gives you all the flexibility needed.
> > 
> > Tomas
> > 
> > On Thu, 2021-01-28 at 10:24 +0100, Jakob Bohm via openssl-users
> > wrote:
> > > Does FIPS 140 or the related legal requirements limit the use of
> > > higher
> > > level compositions such as PKCS12KDF, when using only validated
> > > cryptography for the underlying operations?
> > > 
> > > On 2021-01-28 09:36, Tomas Mraz wrote:
> > > > I do not get how you came to this conclusion. The "true" FIPS
> > > > mode
> > > > can
> > > > be easily achieved with OpenSSL 3.0 - either by loading just
> > > > the
> > > > fips
> > > > and base provider, or by loading both default and fips
> > > > providers
> > > > but
> > > > using the "fips=yes" default property (without the "?").
> > > > 
> > > > The PKCS12KDF does not work because it is not an FIPS approved
> > > > KDF
> > > > algorithm so it cannot really work in the "true" FIPS mode. But
> > > > IMO
> > > > this does not mean that PKCS12 keys do not work at all - if you
> > > > use
> > > > right (more modern) algoritm based on PBKDF2 to do the password
> > > > based
> > > > key derivation, they should work.
> > > > 
> > > > That in 1.0.x the PKCS12 worked with the FIPS module with
> > > > legacy
> > > > algorithms it only shows that the "true" FIPS mode was not as
> > > > "true" as
> > > > you might think. There were some crypto algorithms like the
> > > > KDFs
> > > > outside of the FIPS module boundary.
> > > > 
> > > > Tomas Mraz

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]

More information about the openssl-users mailing list