[Mono-dev] FIPS 140 cryptography

Vladimir Giszpenc vgiszpenc at dsci.com
Fri Oct 17 08:45:01 EDT 2008

> > The Java community has JSS.  Would asking for a MonoSS be asking too
> > much?
> It depends from who you're asking ;-)

Think of me as an ISV that wants to produce applications for the US
government.  The entire federal government including DoD is mandated to
use FIPS compliant crypto libraries.  
> Network Security Services for Java (JSS) is provided by Mozilla. So
> Mozilla *could* do something like this (not Mono-specific but for
> all .NET users) just like they provide the API for Java.

OK.  Today the picture is a little different.  Red Hat produced Python
bindings https://fedoraproject.org/wiki/Features/PythonNSS .  These will
be in fedora 10.  And someone is producing Perl bindings

Making Mono and SuSE second class citizens in this realm.

> However I don't think this (NSS) should ever become a direct(*) Mono
> goal(**). Mono itself has already too many things to complete to
> a duplicate effort (since we already offer the same features).

I am going to show my inexperience so please don't get upset when you
tell me it is not so simple.  Is there not a way to automatically
generate a bunch of C# stubs based on the C headers?

> Besides NSS there are other FIPS140 certified libraries that could be
> wrapped to give the same end result. However I don't know any
> on Linux that have .NET binding.

If you are thinking of OpenSSL it is not as attractive (neither as
current nor Level 2 certified) as NSS.  If you are thinking of CryptoAPI
it is a Windows only technology.  I like NSS because it is cross
platform (on top of NSPR) and certified to the teeth.

Btw, will Crimson come out of hibernation?



More information about the Mono-devel-list mailing list