Module Name
KeyPair FIPS Object Module for OpenSSL
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3335.
Security Level Exceptions
- Roles, Services, and Authentication: Level 2
- Physical Security: N/A
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The KeyPair FIPS Object Module for OpenSSL is a software library replacement for applications that use OpenSSL 1.0.2 and require FIPS 140-2 validated cryptography (including FIPS 186-4 RSA KeyGen). Please contact KeyPair Consulting to include your desired operating system as a Tested Configuration on a FIPS 140-2 certificate branded in your company's name.
Tested Configuration(s)
- Android 10 running on Samsung Galaxy S9 with Qualcomm SDM845 with PAA
- Android 10 running on Samsung Galaxy S9 with Qualcomm SDM845 without PAA
- CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 with PAA
- Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 without PAA
- PexOS 1.0 on Vmware ESXi 7 running on Dell R640 with Intel Gold 6208U with PAA
- PexOS 1.0 on Vmware ESXi 7 running on Dell R640 with Intel Gold 6208U without PAA
- Philips OS Linux 4.19 running on NXP SABRE Smart Devices Board with NXP i.MX 6 with PAA
- Philips OS Linux 4.19 running on NXP SABRE Smart Devices Board with NXP i.MX 6 without PAA
- Philips OS Linux 5.4 running on Microchip SAMA5D3 Xplained with Microchip SMA5D3
- TACDS Linux v3 running on TACDS with ARM Cortex-A53 with PAA
- TACDS Linux v3 running on TACDS with ARM Cortex-A53 without PAA
- Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA (single-user mode).
Approved Algorithms
| AES |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| CKG |
vendor affirmed |
| DRBG |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| DSA |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| ECDSA |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| HMAC |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| KAS-SSC |
vendor affirmed |
| RSA |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| SHA |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| Triple-DES |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
Allowed Algorithms
RSA (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
1.0 and 1.0.1
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
