
FIPS Compliance

The National Institute of Standards and Technology (NIST) defines the Federal Information Processing Standards (FIPS).

FIPS are standards and guidelines for federal computer systems that are developed by NIST in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce.

Vinyl is a .NET application. The following page states Microsoft's position on FIPS compliance with regard to .NET:

https://docs.microsoft.com/en-us/dotnet/standard/security/fips-compliance

In the context of Vinyl, FIPS compliance restricts the use of cryptography to:

  • FIPS-validated cryptographic libraries.
  • FIPS-approved cryptographic algorithms and key sizes.

Cryptography includes:

  • Random number generation
  • Hashing
  • Encryption
  • Digital Signatures
  • Certificate storage and encoding

Configuration

Vinyl does not require any special configuration to enable FIPS-compliance.

Vinyl itself does not implement any cryptographic algorithms. Vinyl delegates all cryptographic operations to the host operating system. If the host operating system is properly configured, Vinyl will use FIPS-validated implementations.

Vinyl generates security tokens using only FIPS-approved algorithms. Where possible, Vinyl asserts that third-party security tokens, such as digital signatures, use only FIPS-approved algorithms.

Enabling FIPS on Windows

On Windows, the "Use FIPS-compliant algorithms for encryption, hashing, and signing" system policy enables FIPS-mode.

Enabling FIPS on Linux

Linux has no equivalent to the Windows FIPS system policy. Enabling FIPS on Linux varies by distribution and is outside the scope of this document. The following links provide a starting point for several distributions:

Ultimately, .NET delegates to OpenSSL. Therefore, a FIPS-validated implementation of OpenSSL must be installed. Furthermore, OpenSSL must be configured to run in FIPS-mode by, e.g., setting the OPENSSL_FIPS environment variable.
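As an added example (not part of Vinyl or its documentation), the following shell pre-flight check reports two host signals before Vinyl is started on Linux: the kernel FIPS flag in /proc/sys/crypto/fips_enabled and the OPENSSL_FIPS variable mentioned above. The function names, the ok/partial/off verdicts and the rule that an empty value or 0 counts as unset are assumptions of this example; neither signal proves that the installed OpenSSL module is FIPS-validated.

```shell
#!/bin/sh
# Pre-flight FIPS posture check for a Linux host.
# Added example: function names and verdict wording are hypothetical.

# kernel_fips_state [FILE] -> prints enabled | disabled | unknown
kernel_fips_state() {
    kfs_file="${1:-/proc/sys/crypto/fips_enabled}"
    if [ ! -r "$kfs_file" ]; then
        echo unknown    # flag file absent or unreadable on this host
        return 0
    fi
    case "$(tr -d '[:space:]' < "$kfs_file")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# openssl_fips_env_state VALUE -> prints set | unset
# Assumption: an empty value or "0" is treated as unset.
openssl_fips_env_state() {
    case "${1-}" in
        ''|0) echo unset ;;
        *)    echo set ;;
    esac
}

# fips_preflight [FILE] [OPENSSL_FIPS value] -> prints one verdict line.
# ok = both signals present, partial = exactly one, off = neither.
# How the two signals interact varies by distribution, so "partial"
# means "review this host by hand", not "non-compliant".
fips_preflight() {
    fp_kernel=$(kernel_fips_state "${1-}")
    fp_env=$(openssl_fips_env_state "${2-}")
    fp_hits=0
    [ "$fp_kernel" = enabled ] && fp_hits=$((fp_hits + 1))
    [ "$fp_env" = set ] && fp_hits=$((fp_hits + 1))
    case "$fp_hits" in
        2) fp_verdict=ok ;;
        1) fp_verdict=partial ;;
        *) fp_verdict=off ;;
    esac
    echo "$fp_verdict kernel=$fp_kernel openssl_fips=$fp_env"
}

# Check the live host only when invoked as: sh fips_preflight.sh --run
if [ "${1-}" = "--run" ]; then
    fp_line=$(fips_preflight "" "${OPENSSL_FIPS-}")
    echo "$fp_line"
    case "$fp_line" in ok*) exit 0 ;; *) exit 1 ;; esac
fi
```

Run it in the same environment (user, service unit or container) that starts Vinyl, since OPENSSL_FIPS is read from that process's environment.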

Uses of Cryptography

Vinyl uses cryptography in various subsystems, including: