FIPS compliance

[Moti]

Hi all,

 

I wanted to know whether RNCryptor support in FIPS standard for IOS development.

 

Thanks,

Moti

[Rob Napier]

RNCryptor has not been submitted for FIPS 140 compliance testing in any configuration. The low level crypto modules that RNCryptor uses indirectly have been, but that doesn't imply anything for RNCryptor. You can see which parts of iOS 8 are certified here:

https://km.support.apple.com/library/APPLE/APPLECARE_ALLGEOS/HT204924/APPLEFIPS_GUIDE_CO_iOS8.0.b3-01.pdf

This does not mean that RNCryptor has any "automatic" certification on iOS 8. This is just the official certification information from Apple. I don't know of a FIPS certification for iOS 9 yet.

It is not possible for RNCryptor itself to be "generally" FIPS 140 certified. FIPS 140 certifies a specific combination of hardware and software. You would need to submit a specific version of RNCryptor for testing, tying it to an OS version and hardware. That would lead to a certification like this one: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2015.htm#2396. Is this really what you're looking for?

-Rob

--
You received this message because you are subscribed to the Google Groups "rncryptor" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rncryptor+...@googlegroups.com.
Visit this group at https://groups.google.com/group/rncryptor.
For more options, visit https://groups.google.com/d/optout.

--

Rob Napier
Cocoaphony blog -- http://robnapier.net/blog

iOS Programming Pushing the Limits -- http://robnapier.net/book