OpenSSL certification could expand U.S. government’s Open Source horizons
Dec 11, 2003 — by LinuxDevices Staff — from the LinuxDevices Archive
OpenSSL could soon provide a validated mechanism through which a variety of applications could satisfy U.S. Government requirements for encryption, increasing the availability and lowering the costs of secure software for use by the Government. This will be possible if OpenSSL can secure the National Institute of Standards and Technology's (NIST) FIPS 140-2 level 1 cryptographic validation.
Participants in the effort to achieve this certification for OpenSSL include: the Defense Medical Logistics Standard Support Program (a DoD medical logistics program), HP, DOMUS IT Security Laboratory, PreVal Specialists, Inc., and representatives from the OpenSSL Project.
The Open Source Software Institute (OSSI) has posted an updated informational FAQ regarding the collaborative effort. The FAQ consists of some 26 questions and answers about the process.
“We are very satisfied with the progress made to date and wanted to provide a public update on the effort,” said OSSI executive director John Weathersby. “Our team has submitted the code to the testing lab and now they're preparing the vendor evidence package. We'll have it turned over to NIST at the beginning of the new year for them to start their validation process.”
Weathersby adds, “This validation will be unique in that it will be the first applicable at the source code level, allowing use by many applications on a wide variety of platforms to satisfy FIPS 140-2 requirements. The availability of this open-source FIPS 140-2 validated cryptography will lower the cost and increase the availability of cryptographic applications for the U.S. Government.”
The FAQ can be found on the OSSI website. Questions about the FIPS 140-2 validation effort for OpenSSL can be sent via email.
OpenSSL is an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It can be used to perform cryptographic actions including:
- Creation of RSA, DH and DSA Key Parameters
- Creation of X.509 Certificates, CSRs and CRLs
- Calculation of Message Digests
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted Mail
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc.