FIPS Crypto Algorithm Certification


John Waycott

Apr 7, 2014, 1:53:56 PM
to golan...@googlegroups.com
I am wondering if there's been any discussion among the Go team about getting FIPS algorithm certifications for some of the crypto in Go? Specifically the PRNG, AES and SHA.

I ask this because we'd like to eventually use Go for some of our crypto. NIAP certification is easier if the crypto source has FIPS algorithm certs.

Zellyn Hunter

Apr 7, 2014, 4:25:28 PM
to golan...@googlegroups.com
It might be better to split it off into a separate project, and get that FIPS certified. I'm not an expert, but I believe if you make changes to FIPS certified code, you have to re-certify, and I doubt the Go maintainers would want to subject themselves to that constraint.

Zellyn

agl

Apr 9, 2014, 8:43:52 PM
to golan...@googlegroups.com
On Monday, April 7, 2014 6:53:56 AM UTC-7, John Waycott wrote:
> I am wondering if there's been any discussion among the Go team about getting FIPS algorithm certifications for some of the crypto in Go? Specifically the PRNG, AES and SHA.
>
> I ask this because we'd like to eventually use Go for some of our crypto. NIAP certification is easier if the crypto source has FIPS algorithm certs.

There are no plans for FIPS certification. The cost (in terms of money, time and pain of making future changes) is overwhelming.


Cheers

AGL

John Waycott

Apr 11, 2014, 1:18:08 PM
to golan...@googlegroups.com
Thanks, AGL. FIPS is indeed a nightmare to support. NIAP seems worse :-)  If we do use Go for crypto operations, we will probably just write a wrapper for OpenSSL, or do what Zellyn suggested and certify a version of the crypto library as a separate module.

John C.

Apr 11, 2014, 1:33:47 PM
to golan...@googlegroups.com
Would you like an extra 64KB with that?

Nate Finch

Apr 11, 2014, 8:50:20 PM
to golan...@googlegroups.com
Best. Reply. Ever. :)

吴蔚

Apr 13, 2015, 10:08:35 AM
to golan...@googlegroups.com
May the Go team get certs for the DES/AES/RSA/SHA/MD modules instead of all? I think these algorithms' code should not be modified in future, except if there is a security flaw.
I really, really expect to use the crypto module in our business payment system.

On Monday, April 7, 2014 at 9:53:56 PM UTC+8, John Waycott wrote:

albert.leung...@gtempaccount.com

May 1, 2020, 9:50:24 PM
to golang-nuts
This reply was 6 years ago. Just curious if the golang team has changed its position on this or not?

Thanks
Albert

Ian Lance Taylor

May 1, 2020, 9:57:00 PM
to albert.leung...@gtempaccount.com, golang-nuts
On Fri, May 1, 2020 at 2:50 PM albert.leung%centrify.com via
golang-nuts <golan...@googlegroups.com> wrote:
>
> This reply was 6 years ago. Just curious if the golang team has changed its position on this or not?

See https://go.googlesource.com/go/+/dev.boringcrypto/README.boringcrypto.md .

Ian



> On Wednesday, April 9, 2014 at 1:43:52 PM UTC-7, agl wrote:
>>
>> On Monday, April 7, 2014 6:53:56 AM UTC-7, John Waycott wrote:
>>>
>>> I am wondering if there's been any discussion among the Go team about getting FIPS algorithm certifications for some of the crypto in Go? Specifically the PRNG, AES and SHA.
>>>
>>> I ask this because we'd like to eventually use Go for some of our crypto. NIAP certification is easier if the crypto source has FIPS algorithm certs.
>>
>>
>> There are no plans for FIPS certification. The cost (in terms of money, time and pain of making future changes) is overwhelming.
>>
>>
>> Cheers
>>
>> AGL