PKCS12 APIs with fips 3.0

Jakob Bohm jb-openssl at
Thu Jan 28 11:14:54 UTC 2021

If that is a hypothetical context, what context is the official design 
goal of the OpenSSL Foundation for their validation effort?

On 2021-01-28 11:26, Tomas Mraz wrote:
> This is a purely hypothetical context. Besides, as I said below - the
> PKCS12KDF should not be used with modern PKCS12 files. Because it can
> be used only with obsolete encryption algorithms anyway - the best one
> being 3DES for the encryption and SHA1 for the KDF.
> Tomas
> On Thu, 2021-01-28 at 11:08 +0100, Jakob Bohm via openssl-users wrote:
>> If the context does not limit the use of higher level compositions, then
>> OpenSSL 3.0 provides no way to satisfy the usual requirement that a
>> product can be set into "FIPS mode" and not invoke the non-validated
>> lower level algorithms in the "default" provider.
>> The usual context is to "sell" (give) products to the US Government or
>> its contractors that have a "FIPS" box-checking procurement requirement.
>> On 2021-01-28 10:46, Tomas Mraz wrote:
>>> There is unfortunately no simple straightforward answer to this
>>> question. It really depends on the context.
>>> Anyway OpenSSL 3.0 gives you all the flexibility needed.
>>> Tomas
>>> On Thu, 2021-01-28 at 10:24 +0100, Jakob Bohm via openssl-users wrote:
>>>> Does FIPS 140 or the related legal requirements limit the use of higher
>>>> level compositions such as PKCS12KDF, when using only validated
>>>> cryptography for the underlying operations?
>>>> On 2021-01-28 09:36, Tomas Mraz wrote:
>>>>> I do not get how you came to this conclusion. The "true" FIPS mode can
>>>>> be easily achieved with OpenSSL 3.0 - either by loading just the fips
>>>>> and base provider, or by loading both default and fips providers but
>>>>> using the "fips=yes" default property (without the "?").
>>>>> The PKCS12KDF does not work because it is not an FIPS approved KDF
>>>>> algorithm so it cannot really work in the "true" FIPS mode. But IMO
>>>>> this does not mean that PKCS12 keys do not work at all - if you use
>>>>> right (more modern) algorithm based on PBKDF2 to do the password based
>>>>> key derivation, they should work.
>>>>> That in 1.0.x the PKCS12 worked with the FIPS module with legacy
>>>>> algorithms it only shows that the "true" FIPS mode was not as "true" as
>>>>> you might think. There were some crypto algorithms like the KDFs
>>>>> outside of the FIPS module boundary.
>>>>> Tomas Mraz


Jakob Bohm, CIO, Partner, WiseMo A/S.
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
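
The two ways of reaching the "true" FIPS mode named in the quoted 09:36 reply, written out as an OpenSSL 3.0 configuration file. This is an added example, not part of the thread and not a file shipped by OpenSSL; the include path is a placeholder, and the section names `openssl_init`, `provider_sect`, `base_sect`, `default_sect` and `algorithm_sect` are arbitrary labels chosen here.

```ini
# Added example (not from the thread). Paths and section labels are assumptions.
config_diagnostics = 1
openssl_conf = openssl_init

# Placeholder path: the file produced by `openssl fipsinstall`.
# It defines [fips_sect], including the module integrity data.
.include /path/to/fipsmodule.cnf

[openssl_init]
providers = provider_sect
# Uncomment together with Option B below.
# alg_section = algorithm_sect

# --- Option A: load only the fips and base providers -----------------
# No non-validated implementation is loaded at all, so an algorithm
# that the fips provider lacks (PKCS12KDF in this thread) cannot be
# fetched. The base provider supplies only encoders/decoders.
[provider_sect]
fips = fips_sect
base = base_sect
# Option B additionally loads the default provider:
# default = default_sect

[base_sect]
activate = 1

# --- Option B: default + fips providers, strict property -------------
# [default_sect]
# activate = 1
#
# [algorithm_sect]
# Strict: every implicit fetch must match fips=yes, so implementations
# from the default provider are never selected.
# default_properties = fips=yes
#
# Not equivalent (the variant with the "?"): fips=yes becomes a
# preference only, and a fetch falls back to the default provider
# when the fips provider has no matching implementation.
# default_properties = ?fips=yes
```

Setting the `OPENSSL_CONF` environment variable to this file applies it to a process; `openssl list -providers` then shows which providers were actually loaded.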
