FIPS 140-2 Compliant Algorithms

Question

Is there any reference to check the list of encryption & signing algorithms which are compliant to FIPS 140-2. After an exhaustive search I could find only "AES".

Any suggestions would be much appreciated.

Siva, FYI - SHA1 for certificate use has been deprecated by the industry. Any new certificates generated should use a stronger hashing algorithm. — Sakthi Kumaran Suriya, Nov 16 '15 at 05:57
@SakthiKumaranSuriya for FIPS compliance, SHA-1 has been deprecated as of 2010 for most uses — Richie Frame, Nov 16 '15 at 10:09

score 24 · Accepted Answer · answered Sep 21 '12 at 15:41

24

Take a look at FIPS 140-2 Annex A. It lists the following:

Symmetric Key
- AES, Triple-DES, Escrowed Encryption Standard
Asymmetric Key
- DSA, RSA, ECDSA
Hash Standards
- SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
Random number generators
- See annex c
Message authentication
- CCM, GCM, GMAC, CMAC, HMAC

answered Sep 21 '12 at 15:41

mikeazo

38,133
8
110
176

What about DES? – mistika Aug 06 '15 at 15:16
3

The FIPS 140-2 states that approved security function is either specified in the list of approved functions (which annex A is), or specified in a Federal Information Processing Standard(FIPS). The DES is specified in FIPS. However FIPS 140-2 Implementation Guide states that DES is not approved since May 19, 2007. And looking at the List of FIPS-140 validated modules I can see that DES is listed only in *other algorithms* section. However, Microsoft .Net Framework doesn't thrown an exception if you try to use DES when FIPS policy is forced (as it does with other non-approved algorithms). – mistika Aug 06 '15 at 15:23
2

@mistika Original/single DES (formally DEA) *was* specified by FIPS 46, through several revisions, but 46-3 was withdrawn in 2005, see http://csrc.nist.gov/publications/PubsFIPSArch.html . "Triple-DES" or "3DES" (formally TDEA) *only*, *not* single-DES, was reissued as a special publication (SP800-67) -- and that SP is referenced by current 140-2 IG and 140-2 annex A. – dave_thompson_085 Nov 16 '15 at 22:14
1

the FIPS document is a draft – David 天宇 Wong Mar 06 '19 at 03:09
In the approved modes there is ECB in, SP 800-38A, why is that even if it's not recommended by the security community ? – 3lokh Sep 18 '19 at 09:14
Any idea about key exchange algorithms e.g for openssh client ? – 3lokh Nov 13 '19 at 07:04
Per this post and the references it provides, I switched a web application from Rijndale to AES and the FIPS errors from ASP.NET / IIS ceased. – qxotk Aug 22 '22 at 17:54
You also need to look at Annex D, which lists "Key Establishment Techniques". That contains RSA _encryption_ (OAEP or KEM), Diffie-Hellman, PBKDF2 etc. For FIPS 140-3 the reference appears to be [NIST SP 800-140Cr1 ](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140Cr1.pdf) – Neil Madden Sep 29 '22 at 09:11

score 2 · Answer 2 · answered Sep 21 '12 at 15:43

The current list of FIPS-approved cryptographical methods is here.

For encryption, we're limited to AES, 3DES (known as TDEA in FIPS-speak), and EES (Skipjack).

As for signing algorithms, we have RSA, DSA and ECDSA.

Note that the list of FIPS-approved algorithms does change at times; not extremely frequently, but more often than they come out with a new version of FIPS 140.

score 1 · Answer 3 · answered Feb 23 '18 at 00:03

1

Looks like there is no FIPS 140-2 approved asymmetric encryption algorithm, as DSA/RSA/ECDSA are only approved for key generation/signature.

answered Feb 23 '18 at 00:03

wye

11
1

My understanding is that RSA can be used to encrypt a symmetric key, so you then perform a (standard) hybrid encryption. TBH, you really have to do this anyway with RSA. – user7761803 Mar 15 '19 at 13:41

FIPS 140-2 Compliant Algorithms

3 Answers3

Linked