[Cryptography] FIPS 140 validated crypto module on Android?

Michael Nelson nelson_mikel at yahoo.com
Sun Nov 15 20:06:18 EST 2020


We need a FIPS 140-2 validated crypto module on Android mobile devices to do some simple encryption. Does anyone know of an available such module?

One issue for the provider is of course that there are many hardware platforms/models -- Samsung, Motorola, Google Pixel, etc. There are also many versions of the OS.

Ideally, there would be some module that was validated on most, or at least some, of the current configurations, and the module validation would be updated regularly for the newer phones/OS-versions.

The NIST website lists the OpenSSL fips library on the "historical" list. There are about 15 Android-related configurations ending with Android 5.0 in 2018. So that is out. It doesn't exist, but hypothetically the sort of thing that would be suitable is: an OpenSSL fips build that ran on most current Android phones, was validated on some of them, and for which the validation deltas were done once a year or something.It doesn't have to be OpenSSL.

Any pointers?

Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20201116/da04adde/attachment.htm>


More information about the cryptography mailing list