[Gpg4win-users-en] GPG4Win and FIPS 140-2 Compliant

Gaurav Sharma gsharma at azdes.gov
Tue Jul 13 19:39:07 CEST 2021


Hello All,

I am looking for an answer to my question below. Any help is appreciated.

I am looking for an online documentation where I can find supported GPG4WIN
cipher blocks.

I can run gpg --version and system tells me about the supported algorithms
but I am looking to find out what cipher blocks GPG4Win supports:

For example: ECB, CFB, CBC, OFB, CTR, CCM, GCM, OCB, XTS, EAX

Is there any configuration setting we can use to pass the cipher block name?

*Thanks,*

*Gaurav Sharma*
*Solutions Architect - DTS*
*Arizona Department of Economic Security*
*Phone: 480-363-4405*


On Mon, Jul 12, 2021 at 2:21 PM Gaurav Sharma <gsharma at azdes.gov> wrote:

> Hi Bernhard,
>
> Thanks for the information.
>
> I am looking for an online documentation where I can find
> supported GPG4WIN cipher blocks.
>
> I can run gpg --version and system tells me about the supported algorithms
> but I am looking to find out what cipher blocks GPG4Win supports:
>
> For example: ECB, CFB, CBC, OFB, CTR, CCM, GCM, OCB, XTS, EAX
>
> Is there any configuration setting we can use to pass the cipher block
> name?
>
> Please advise. Appreciate the support.
>
> *Thanks,*
>
> *Gaurav Sharma*
> *Solutions Architect - DTS*
> *Arizona Department of Economic Security*
> *Phone: 480-363-4405*
>
>
> On Tue, Jul 6, 2021 at 11:29 PM Bernhard Reiter <bernhard at intevation.de>
> wrote:
>
>> Hi Gaurav,
>>
>> Am Mittwoch 07 Juli 2021 01:50:21 schrieb Gaurav Sharma:
>> > If this product operates a FIPS 140-2 validated module
>>
>>  * libgcrypt (the relevant crypte module of Gpg4win) has active FIPS
>> 140-2
>>    certifications for other platforms than Windows.
>>
>>
>> https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&ModuleName=libgcrypt&CertificateStatus=Active&ValidationYear=0
>>
>> > If so, can you please provide me with any documentation around it?
>>
>>    The technical development manual with the details is here
>>
>> https://www.gnupg.org/documentation/manuals/gcrypt/Enabling-FIPS-mode.html
>>
>> Citing from it:
>>   Because FIPS 140 has certain restrictions on the use of cryptography
>>   which are not always wanted, Libgcrypt needs to be put into FIPS mode
>>   explicitly.
>>
>> So it depends what you need:
>>  * general code quality, is there
>>  * fips mode, you'd need to build the product with this mode enabled
>>  * certified binaries, not there yet, if there is a lot of demand,
>>    a vendor like https://gnupg.com/ maybe able to provide them some point
>>    in the future.
>>
>> Best Regards,
>> Bernhard
>>
>> --
>> www.intevation.de/~bernhard   +49 541 33 508 3-3
>> Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
>> Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
>>
>

-- 


NOTICE: This e-mail (and any attachments) may contain PRIVILEGED OR 
CONFIDENTIAL information and is intended only for the use of the specific 
individual(s) to whom it is addressed. It may contain information that is 
privileged and confidential under state and federal law. This information 
may be used or disclosed only in accordance with law, and you may be 
subject to penalties under law for improper use or further disclosure of 
the information in this e-mail and its attachments. If you have received 
this e-mail in error, please immediately notify the person named above by 
reply e-mail, and then delete the original e-mail. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20210713/7c6e7277/attachment.html>


More information about the Gpg4win-users-en mailing list