Hi Yuri, Did you get the answers to your question ? Even I have similar questions. Do you have any idea if we can include fips capable library to AOSP ?
Thanks, Nikita On Thursday, January 22, 2015 at 4:09:43 PM UTC+5:30, Yuri Glick wrote: > > Hi, > > I want to create an Android FIPS Capable app (140-2 level 1). In the app > I use network communications (Android SDK, HttpClient), encryption > (bouncy-castle) and GCM (GooglePlayServices). How can I do it? > > As I understood from this post: > > http://security.stackexchange.com/questions/37488/fips-compliance-for-my-android-project > > <http://www.google.com/url?q=http%3A%2F%2Fsecurity.stackexchange.com%2Fquestions%2F37488%2Ffips-compliance-for-my-android-project&sa=D&sntz=1&usg=AFQjCNELajjKxzaL3L3-12BLfL4QA-YUsA> > > First step: > I should use FIPS Validated libraries. > > Second step: > Send the app to NIST to validate it? > > > 1) Network communication: > I know that there is OpenSSL FIPS Validated lib and I can built it for > Android. > http://wiki.openssl.org/index.php/Android#Using_OpenSSL_in_an_Application > > After I built the openSSL FIPS Capable lib I should copy *.so files to my > project. > I should add to code instructions that Java system loader should load > openSSL library from the project. > Should I do something else? > > 2) Encryption (bouncy-castle) > I know that bouncy-castle is not FIPS capable library, so I must change > it. Can you recommend some library? > I know there is some encryption library from Mozilla (NSS). Can I use it > for Android? > > 3) GooglePlayServices > If I change openSSL module I believe that Google play services uses this > module. Is it right? > If Google play services uses some encryption how can It be FIPS capable? > > Thanks. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
