[Mono-dev] FIPS 140 cryptography

Vladimir Giszpenc vgiszpenc at dsci.com
Thu Oct 11 11:04:54 EDT 2007


> No. The short story is that "it's a big, long and costly project" and
> that there's been, so far, not many demand for it (wrt to other Mono
> features).

I agree that there are more pressing needs, but it never hurts to voice
own so they are recognized.  I am a big Mono proponent, but it is
to compete with Java on maturity of tools.  

> While it's less elegant (imho) you can still use FIPS140 certified
> crypto in Mono by wrapping an existing toolkit (e.g. nss) in C# [1]
> using this as a replacement [2] for Mono's crypto (split in both
> Mono.Security and mscorlib).

The Java community has JSS.  Would asking for a MonoSS be asking too
That seems like a big project as well.  This is not even what I am
looking for.  I need SSH.  I found the capability in SharpSSH, but in
for me to make certification labs happy, I need the encryption used in
SSH implementation to be FIPS 140 compliant.

> [1] which is exactly what MS is doing on Windows: the FIPS140 crypto
> comes from CryptoAPI (managed stuff isn't certified) and wrapped in
> class library.
> [2] it's possible to remap cryptographic algorithms using
> (so all mono tools and *correctly* written applications/libraries will
> be using your own crypto).

That is nice for Windows, but I am targeting Linux.  I would love to
some config file at NSS.  Is there any chance such a thing will happen?

I am a little peon doing R&D hoping to move the Army toward accepting
Any help you can give me would be much appreciated!

Many Thanks,

Vladimir Giszpenc
DSCI Contractor Supporting
US Army CERDEC S&TCD IAD Tactical Network Protection Branch
(732) 532-8959

More information about the Mono-devel-list mailing list