How to make existing Java code FIPS 140-2 compliant?

We have a Java library performing AES and RSA encryption (using javax.crypto.Cipher).

A new requirement came in to make the code FIPS 140-2 compliant. From reading some articles, what I understood is that I have to change the following in the java.security file in the JDK/JRE and recompile the code. Will that make my library FIPS 140-2 compliant?

#Use these three providers for FIPS compliance
security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.2=com.rsa.jsse.JsseProvider
security.provider.3=sun.security.provider.Sun

#Disable the providers below for FIPS compliance
#security.provider.1=sun.security.provider.Sun
#security.provider.2=sun.security.rsa.SunRsaSign
#security.provider.3=sun.security.ec.SunEC
#security.provider.4=com.sun.net.ssl.internal.ssl.Provider
#security.provider.5=com.sun.crypto.provider.SunJCE
#security.provider.6=sun.security.jgss.SunProvider
#security.provider.7=com.sun.security.sasl.Provider
#security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
#security.provider.9=sun.security.smartcardio.SunPCSC
#security.provider.10=sun.security.mscapi.SunMSCAPI

Are there any other changes I need to make, like using a special jar, compiling with a particular argument, etc.?

Keyboard answered 27/4, 2021 at 1:20

To be FIPS 140-2 compliant:

For your case:

  • AES128, AES192 or AES256 for encryption, with operation mode GCM, CCM, CTR, CBC, CFB, OFB (or XTS for storage).
  • RSA for Key Establishment or Signature with key size of 2048 bits minimum.

Shanell answered 20/5, 2021 at 14:25
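
An added example (not part of the answer above and not vendor code): a small Java check that prints the installed provider order, shows which provider actually serves a `Cipher.getInstance` call that names no provider, and tests transformation strings and RSA modulus sizes against the modes and the 2048-bit minimum listed in the answer. The class name `FipsConfigCheck`, its helper methods and the sample inputs are constructed for illustration; the expected provider class name comes from the question's java.security snippet.

```java
import java.math.BigInteger;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.RSAKey;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.crypto.Cipher;

public class FipsConfigCheck {
    // Provider class name taken from the question's java.security snippet.
    static final String EXPECTED_PROVIDER = "com.rsa.jsafe.provider.JsafeJCE";
    // AES modes listed in the answer (XTS is listed there for storage only).
    static final List<String> AES_MODES = Arrays.asList("GCM", "CCM", "CTR", "CBC", "CFB", "OFB", "XTS");

    // True if an "AES/<mode>/<padding>" transformation names one of the listed modes.
    static boolean aesModeAllowed(String transformation) {
        String[] parts = transformation.toUpperCase(Locale.ROOT).split("/");
        // A bare "AES" leaves the mode to the provider (SunJCE defaults to ECB), so reject it.
        return parts.length == 3 && parts[0].equals("AES") && AES_MODES.contains(parts[1]);
    }

    // True if the RSA modulus meets the 2048-bit minimum from the answer.
    static boolean rsaKeyAllowed(RSAKey key) {
        return key.getModulus().bitLength() >= 2048;
    }

    // Resolves a transformation the way the library does (no provider named) and
    // reports whether the provider that served it is the expected one.
    static boolean servedByExpected(String transformation) throws Exception {
        Provider p = Cipher.getInstance(transformation).getProvider();
        System.out.println(transformation + " served by " + p.getClass().getName());
        return p.getClass().getName().equals(EXPECTED_PROVIDER);
    }

    public static void main(String[] args) throws Exception {
        Provider[] installed = Security.getProviders(); // in preference order
        for (int i = 0; i < installed.length; i++)
            System.out.println("security.provider." + (i + 1) + "=" + installed[i].getClass().getName());
        // Constructed sample transformations; substitute the ones the library uses.
        for (String t : new String[] {"AES/GCM/NoPadding", "AES/CBC/PKCS5Padding", "AES/ECB/PKCS5Padding", "AES"})
            System.out.println(t + " mode allowed: " + aesModeAllowed(t));
        System.out.println("expected provider: " + servedByExpected("AES/GCM/NoPadding"));
        // Constructed 1024-bit and 2048-bit moduli (not real keys), to exercise the size check.
        RSAKey weak = () -> BigInteger.ONE.shiftLeft(1023);
        RSAKey ok = () -> BigInteger.ONE.shiftLeft(2047);
        System.out.println("1024-bit allowed: " + rsaKeyAllowed(weak) + ", 2048-bit allowed: " + rsaKeyAllowed(ok));
    }
}
```

A call that names its provider explicitly, such as `Cipher.getInstance(t, "SunJCE")`, is not affected by the order in java.security, so the library's source should be searched for such calls as well.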
