Hi,
My goal is to use an API for AES encryption that is FIPS 140-2 compliant.
I am using AesCryptoServiceProvider.
My big question is, besides using it on the right platform, should the security policy FIPS mode be turned on to be FIPS 140-2 compliant??
I know the results of AesCryptoServiceProvider is the same irrespective of FIPS mode but is the internal behavior same as well(is it calling the validated implementation in both cases?)
I am terribly confused. Please help.
References:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.aescryptoserviceprovider.aspx
http://technet.microsoft.com/en-us/library/cc750357.aspx
Table 1 in the above has a listing of NIST certificates. following is for widows 2008. It says it has an overall level1 but it 140-2 validated when in FIPS mode
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1010
My goal is to use an API for AES encryption that is FIPS 140-2 compliant.
I am using AesCryptoServiceProvider.
My big question is, besides using it on the right platform, should the security policy FIPS mode be turned on to be FIPS 140-2 compliant??
I know the results of AesCryptoServiceProvider is the same irrespective of FIPS mode but is the internal behavior same as well(is it calling the validated implementation in both cases?)
I am terribly confused. Please help.
References:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.aescryptoserviceprovider.aspx
http://technet.microsoft.com/en-us/library/cc750357.aspx
Table 1 in the above has a listing of NIST certificates. following is for widows 2008. It says it has an overall level1 but it 140-2 validated when in FIPS mode
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1010