FIPS compliant?
383 views
Skip to first unread message
Vadim
Jun 25, 2012, 1:56:06 PM6/25/12
to sqlc...@googlegroups.com
After reading "SQLCipher does not implement its own encryption. Instead it uses the widely available and peer-reviewed OpenSSL libcrypto for all cryptographic functions" and then trying to unravel the status of OpenSSL FIPS compliance I am thoroughly confused about the status of SQLCipher FIPS compliance.
Is SQLCipher FIPS 140-2 compliant?
If it's not currently compliant, is it going to be, is there an ETA?
Thanks
Stephen Lombardo
Jun 25, 2012, 5:16:35 PM6/25/12
to sqlc...@googlegroups.com
Hi Vadim,
SQLCipher is not FIPS compliant, however SQLCipher core doesn't require you to modify OpenSSL, so if you already had a FIPS compliant openssl build then you could probably link against it. However, I'm not directly aware of anyone who has gone that route.
One potential difficulty is that, according to the OpenSSL FIPS documentation, even trivial changes to the build process negate the FIPS validation. Since OpenSSL builds for iOS, Windows, Android, etc generally require some "non-default" build procedures, this would strike me as difficult to achieve and generally support.
We've only done cursory research into the subject, so I'd be curious to hear if anyone with deeper experience with the OpenSSL FIPS builds has any further comments.
Cheers,
Stephen
SQLCipher is not FIPS compliant, however SQLCipher core doesn't require you to modify OpenSSL, so if you already had a FIPS compliant openssl build then you could probably link against it. However, I'm not directly aware of anyone who has gone that route.
One potential difficulty is that, according to the OpenSSL FIPS documentation, even trivial changes to the build process negate the FIPS validation. Since OpenSSL builds for iOS, Windows, Android, etc generally require some "non-default" build procedures, this would strike me as difficult to achieve and generally support.
We've only done cursory research into the subject, so I'd be curious to hear if anyone with deeper experience with the OpenSSL FIPS builds has any further comments.
Cheers,
Stephen
Reply all
Reply to author
Forward
0 new messages