Usage of MD5 in FIPS approved mode

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Usage of MD5 in FIPS approved mode

Darshan Mahor
Hi Team,

I know that we don't support MD5 in FIPS approved only mode but due to some backward compatibility issues. I need to use MD5 in FIPS mode.

The same behavior i.e.,use of MD5 in FIPS mode, in RSA can be achieved by providing some context during creation of provider. Please check the below code snippet for information.


If the system is in FIPS mode then below code snippet will provide you both providers i.e., fips and non-fips  (in FIPS mode).


Provider nonFipsProvider = new JsafeJCE(new FIPS140Context(CryptoJ.NON_FIPS140_MODE));  // It will provide you a non-fips provider in FIPS mode

Provider fipsProvider = new JsafeJCE(); // this will provide you FIPS provider if system is in FIPS mode 

Is there any kind of similar approach that can be used here for creating non-FIPS BC provider in FIPS Approved only mode?



-- 
Darshan

Reply | Threaded
Open this post in threaded view
|

Re: Usage of MD5 in FIPS approved mode

David Hook-3

We don't support anything like this at the moment.

MD5 is actually allowed for use with TLS. The FIPS provider (1.0.1) version makes it available for that reason. Please note any other usage may be in violation of the modules security policy.

Regards,

David

On 16/05/18 22:22, Darshan Mahor wrote:
Hi Team,

I know that we don't support MD5 in FIPS approved only mode but due to some backward compatibility issues. I need to use MD5 in FIPS mode.

The same behavior i.e.,use of MD5 in FIPS mode, in RSA can be achieved by providing some context during creation of provider. Please check the below code snippet for information.


If the system is in FIPS mode then below code snippet will provide you both providers i.e., fips and non-fips  (in FIPS mode).


Provider nonFipsProvider = new JsafeJCE(new FIPS140Context(CryptoJ.NON_FIPS140_MODE));  // It will provide you a non-fips provider in FIPS mode

Provider fipsProvider = new JsafeJCE(); // this will provide you FIPS provider if system is in FIPS mode 

Is there any kind of similar approach that can be used here for creating non-FIPS BC provider in FIPS Approved only mode?



-- 
Darshan