Brendan Simon wrote:
I have been using openssl-0.9.6d and using PKCS#1.
I have a requirement to be compliant with FIPS140-2 and it seems that
PKCS#1 is not compliant with FIPS140-2 :(
It seems that I must use ANSI X9.31 to generate random numbers to be
FIPS140-2 compliant.
I was told that newer versions of openssl had support for X9.31.
I have downloaded that latest version (0.9.8) and could not find any
references to X9.31.
Browsing CVS I can see there are some references to X9.31 in
openssl-0.9.7-stable.
My questions are:
Is there such a release as 0.9.7-stable ?
If so, does 0.9.7-stable have some features that 0.9.8 does not have ?
I assume that 0.9.8 is the latest release and would have the most
features (apart from development snapshots and cvs).
What is the appropriate version of openssl to use to get X9.31
functionality?
If not in openssl, where else can I get this functionality that will
intereoperate with other openssl crypto functionality.
Hopefully someone can answer my questions or point me in the right
direction.
Cheers,
Brendan Simon.
0.9.8 doesn't have all of the components added yet that are in previous
versions. Use 0.9.7g for the time being.
That said, I believe a recent discussion showed that OpenSSL is waiting
for FIPS acceptance. See the archives for the discussion on the topic.
--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/
Ask me about discounts on any Shining Light Productions product!
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
