FIPS 140-2 Compliant Algorithms

Question

Is there any reference to check the list of encryption & signing algorithms which are compliant to FIPS 140-2. After an exhaustive search I could find only "AES".

Any suggestions would be much appreciated.

Siva, FYI - SHA1 for certificate use has been deprecated by the industry. Any new certificates generated should use a stronger hashing algorithm. — Sakthi Kumaran Suriya, Nov 16 '15 at 05:57
@SakthiKumaranSuriya for FIPS compliance, SHA-1 has been deprecated as of 2010 for most uses — Richie Frame, Nov 16 '15 at 10:09

score 24 · Accepted Answer · answered Sep 21 '12 at 15:41

24

Take a look at FIPS 140-2 Annex A. It lists the following:

Symmetric Key
- AES, Triple-DES, Escrowed Encryption Standard
Asymmetric Key
- DSA, RSA, ECDSA
Hash Standards
- SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
Random number generators
- See annex c
Message authentication
- CCM, GCM, GMAC, CMAC, HMAC

answered Sep 21 '12 at 15:41

mikeazo

38,563
8
112
180

What about DES? – mistika Aug 06 '15 at 15:16
3

The FIPS 140-2 states that approved security function is either specified in the list of approved functions (which annex A is), or specified in a Federal Information Processing Standard(FIPS). The DES is specified in FIPS. However FIPS 140-2 Implementation Guide states that DES is not approved since May 19, 2007.
And looking at the List of FIPS-140 validated modules I can see that DES is listed only in other algorithms section. However, Microsoft .Net Framework doesn't thrown an exception if you try to use DES when FIPS policy is forced (as it does with other non-approved algorithms). – mistika Aug 06 '15 at 15:23
2

@mistika Original/single DES (formally DEA) was specified by FIPS 46, through several revisions, but 46-3 was withdrawn in 2005, see http://csrc.nist.gov/publications/PubsFIPSArch.html . "Triple-DES" or "3DES" (formally TDEA) only, not single-DES, was reissued as a special publication (SP800-67) -- and that SP is referenced by current 140-2 IG and 140-2 annex A. – dave_thompson_085 Nov 16 '15 at 22:14
1

the FIPS document is a draft – David 天宇 Wong Mar 06 '19 at 03:09
In the approved modes there is ECB in, SP 800-38A, why is that even if it's not recommended by the security community ? – nkg Sep 18 '19 at 09:14
Any idea about key exchange algorithms e.g for openssh client ? – nkg Nov 13 '19 at 07:04
Per this post and the references it provides, I switched a web application from Rijndale to AES and the FIPS errors from ASP.NET / IIS ceased. – qxotk Aug 22 '22 at 17:54
You also need to look at Annex D, which lists "Key Establishment Techniques". That contains RSA encryption (OAEP or KEM), Diffie-Hellman, PBKDF2 etc. For FIPS 140-3 the reference appears to be NIST SP 800-140Cr1 – Neil Madden Sep 29 '22 at 09:11

score 2 · Answer 2 · answered Sep 21 '12 at 15:43

The current list of FIPS-approved cryptographical methods is here.

For encryption, we're limited to AES, 3DES (known as TDEA in FIPS-speak), and EES (Skipjack).

As for signing algorithms, we have RSA, DSA and ECDSA.

Note that the list of FIPS-approved algorithms does change at times; not extremely frequently, but more often than they come out with a new version of FIPS 140.

score 1 · Answer 3 · answered Feb 23 '18 at 00:03

1

Looks like there is no FIPS 140-2 approved asymmetric encryption algorithm, as DSA/RSA/ECDSA are only approved for key generation/signature.

answered Feb 23 '18 at 00:03

wye

11
1

1

My understanding is that RSA can be used to encrypt a symmetric key, so you then perform a (standard) hybrid encryption. TBH, you really have to do this anyway with RSA. – user7761803 Mar 15 '19 at 13:41

FIPS 140-2 Compliant Algorithms

3 Answers3

Linked