Module Name
KeyPair FIPS Object Module for OpenSSL
Historical Reason
Moved to historical list due to sunsetting
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3335.
Security Level Exceptions
- Roles, Services, and Authentication: Level 2
- Physical Security: N/A
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The KeyPair FIPS Object Module for OpenSSL is a software library replacement for applications that use OpenSSL 1.0.2 and require FIPS 140-2 validated cryptography (including FIPS 186-4 RSA KeyGen). Please contact KeyPair Consulting to include your desired operating system as a Tested Configuration on a FIPS 140-2 certificate branded in your company's name.
Tested Configuration(s)
- Android 10 running on Samsung Galaxy S9 with Qualcomm SDM845 with PAA
- Android 10 running on Samsung Galaxy S9 with Qualcomm SDM845 without PAA
- CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- CentOS 7 running on Ampere® Altra® 2U Server R272-P33 with Ampere® Altra® SOC with Aarch64 ARMv8 with PAA
- CentOS 7 running on Ampere® Altra® 2U Server R272-P33 with Ampere® Altra® SOC with Aarch64 ARMv8 without PAA
- CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 with PAA
- Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 without PAA
- PexOS 1.0 on Vmware ESXi 7 running on Dell R640 with Intel Gold 6208U with PAA
- PexOS 1.0 on Vmware ESXi 7 running on Dell R640 with Intel Gold 6208U without PAA
- Philips OS Linux 4.19 running on NXP SABRE Smart Devices Board with NXP i.MX 6 with PAA
- Philips OS Linux 4.19 running on NXP SABRE Smart Devices Board with NXP i.MX 6 without PAA
- Philips OS Linux 5.4 running on Microchip SAMA5D3 Xplained with Microchip SMA5D3
- TACDS Linux v3 running on TACDS with ARM Cortex-A53 with PAA
- TACDS Linux v3 running on TACDS with ARM Cortex-A53 without PAA
- Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA (single-user mode)
Approved Algorithms
| AES |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| CKG |
vendor affirmed |
| DRBG |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| DSA |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| ECDSA |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| HMAC |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| KAS-SSC |
vendor affirmed |
| RSA |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| SHA |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
| Triple-DES |
Certs. #C904, #C1318, #C1795, #A952 and #A1933 |
Allowed Algorithms
RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
1.0 and 1.0.1
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
