Cryptographic Module Validation Program CMVP

Certificate #3503

Details

Module Name
KeyPair FIPS Object Module for OpenSSL
Standard
FIPS 140-2
Status
Active
Sunset Date
12/2/2023
Validation Dates
08/01/2019;11/14/2019;07/10/2020
Overall Level
1
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #3335.
Security Level Exceptions
  • Roles, Services, and Authentication: Level 2
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The KeyPair FIPS Object Module for OpenSSL is a software library replacement for applications that use OpenSSL 1.0.2 and require FIPS 140-2 validated cryptography (including FIPS 186-4 RSA KeyGen). Please contact KeyPair Consulting to include your desired operating system as a Tested Configuration on a FIPS 140-2 certificate branded in your company's name.
Tested Configuration(s)
  • CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
  • CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
  • CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
  • Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 with PAA
  • Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 without PAA
  • Tested as meeting level 1 with CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
  • Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
  • Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
  • Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
  • Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA (single user mode)
FIPS Algorithms
AES Certs. #C904, #C1318 and #C1795
CKG vendor affirmed
CVL Certs. #C904, #C1318 and #C1795
DRBG Certs. #C904, #C1318 and #C1795
DSA Certs. #C904, #C1318 and #C1795
ECDSA Certs. #C904, #C1318 and #C1795
HMAC Certs. #C904, #C1318 and #C1795
RSA Certs. #C904, #C1318 and #C1795
SHS Certs. #C904, #C1318 and #C1795
Triple-DES Certs. #C904, #C1318 and #C1795
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #C904, #C1318 and #C1795, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
1.0

Vendor

KeyPair Consulting Inc.
987 Osos Street
San Luis Obispo, CA 93401
USA

Mark Minnoch
mark@keypair.us
Phone: 805-316-5024
Fax: N/A
Steve Weymann
steve@keypair.us
Phone: 805-316-5024

Lab

ACUMEN SECURITY, LLC
NVLAP Code: 201029-0