Kyle Hamilton wrote:
...
Note that compliance cannot be truly determined programmatically.
So, it's also a good idea to generate multiple hashes (sha-1,
sha-256, ripemd160, etc) over the fipscanister and associated files,
print them out, and commit to them (physically sign them) as a
statement of compliance with the build process.
Actually the one digest the CMVP cares about in this context is
HMAC-SHA-1, with the HMAC key "etaonrishdlcupfm".
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
[email protected]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
