U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Computer Security Resource Center

Computer Security Resource Center

    Projects Cryptographic Module Validation Program Validated Modules Search

Cryptographic Module Validation Program CMVP

Certificate #3503

Details

Module Name
KeyPair FIPS Object Module for OpenSSL
Standard
FIPS 140-2
Status
Active
Sunset Date
12/2/2023
Validation Dates
08/01/2019;11/14/2019;07/10/2020;04/06/2021;04/27/2021
Overall Level
1
Caveat
When operated in FIPS mode. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #3335.
Security Level Exceptions
  • Roles, Services, and Authentication: Level 2
  • Physical Security: N/A
  • Design Assurance: Level 3
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The KeyPair FIPS Object Module for OpenSSL is a software library replacement for applications that use OpenSSL 1.0.2 and require FIPS 140-2 validated cryptography (including FIPS 186-4 RSA KeyGen). Please contact KeyPair Consulting to include your desired operating system as a Tested Configuration on a FIPS 140-2 certificate branded in your company's name.
Tested Configuration(s)
  • Android 10 running on Samsung Galaxy S9 with Qualcomm SDM845 with PAA
  • Android 10 running on Samsung Galaxy S9 with Qualcomm SDM845 without PAA
  • CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
  • CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
  • CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
  • CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
  • Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 with PAA
  • Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 without PAA
  • PexOS 1.0 on Vmware ESXi 7 running on Dell R640 with Intel Gold 6208U with PAA
  • PexOS 1.0 on Vmware ESXi 7 running on Dell R640 with Intel Gold 6208U without PAA
  • Philips OS Linux 4.19 running on NXP SABRE Smart Devices Board with NXP i.MX 6 with PAA
  • Philips OS Linux 4.19 running on NXP SABRE Smart Devices Board with NXP i.MX 6 without PAA
  • Philips OS Linux 5.4 running on Microchip SAMA5D3 Xplained with Microchip SMA5D3
  • Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
  • Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
  • Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
  • Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA (single-user mode)
FIPS Algorithms
AES Certs. #C904, #C1318, #C1795 and #A952
CKG vendor affirmed
CVL Certs. #C904, #C1318, #C1795 and #A952
DRBG Certs. #C904, #C1318, #C1795 and #A952
DSA Certs. #C904, #C1318, #C1795 and #A952
ECDSA Certs. #C904, #C1318, #C1795 and #A952
HMAC Certs. #C904, #C1318, #C1795 and #A952
KAS-SSC vendor affirmed
RSA Certs. #C904, #C1318, #C1795 and #A952
SHS Certs. #C904, #C1318, #C1795 and #A592
Triple-DES Certs. #C904, #C1318, #C1795 and #A952
Allowed Algorithms
NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
1.0

Vendor

KeyPair Consulting Inc.
987 Osos Street
San Luis Obispo, CA 93401
USA

Mark Minnoch
mark@keypair.us
Phone: 805-316-5024
Fax: N/A
 Steve Weymann
steve@keypair.us
Phone: 805-316-5024

Related Files

Security Policy
Consolidated Certificate

Lab

ACUMEN SECURITY, LLC
NVLAP Code: 201029-0