Module Name
KeyPair FIPS Object Module for OpenSSL
Validation Dates
08/01/2019;11/14/2019;07/10/2020
Caveat
When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #3335.
Security Level Exceptions
- Roles, Services, and Authentication: Level 2
- Physical Security: N/A
- Design Assurance: Level 3
- Mitigation of Other Attacks: N/A
Embodiment
Multi-Chip Stand Alone
Description
The KeyPair FIPS Object Module for OpenSSL is a software library replacement for applications that use OpenSSL 1.0.2 and require FIPS 140-2 validated cryptography (including FIPS 186-4 RSA KeyGen). Please contact KeyPair Consulting to include your desired operating system as a Tested Configuration on a FIPS 140-2 certificate branded in your company's name.
Tested Configuration(s)
- CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- CentOS 7 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 with PAA
- Fedora Linux 24 running on Samsung ARTIK 710 SOM with ARM Cortex-A53 without PAA
- Tested as meeting level 1 with CentOS 6 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA
- Ubuntu 18.04 LTS running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 with PAA
- Windows Server 2019 running on HPE ProLiant DL60 Gen9 with Intel Xeon E5-2609 without PAA (single user mode)
Allowed Algorithms
Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #C904, #C1318 and #C1795, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)