Kyle Hamilton wrote:
The FIPS version of OpenSSL has an external verification
mechanism
which does not require a PGP signature verification. In the Security
Policy, there are keyed HMACs ...
Thanks for your reply, now this would be I think the second
verification, after the
Hi everyone,
I expect this has been asked before, but which PGP product is
appropriate for the FIPS validation of the FIPS ssl archive
(openssl-fips-1.1.1.tar.gz) via the openssl-fips-1.1.1.tar.gz.asc file?
I verified it with gpg, per the FIPS instructions ("gpg --verify *.asc
*.gz"), but I
The FIPS version of OpenSSL has an external verification mechanism
which does not require a PGP signature verification. In the Security
Policy, there are keyed HMACs for the source files which go into
fipscanister.o. A file inside the distribution mirrors this. During
the build process, an