[Cryptography] FIPS 140 validated crypto module on Android?
Sid Spry
sid at aeam.us
Sun Nov 15 23:09:49 EST 2020
On Sun, Nov 15, 2020, at 7:06 PM, Michael Nelson via cryptography wrote:
> We need a FIPS 140-2 validated crypto module on Android mobile devices
> to do some simple encryption. Does anyone know of an available such
> module?
>
> One issue for the provider is of course that there are many hardware
> platforms/models -- Samsung, Motorola, Google Pixel, etc. There are
> also many versions of the OS.
>
> Ideally, there would be some module that was validated on most, or at
> least some, of the current configurations, and the module validation
> would be updated regularly for the newer phones/OS-versions.
>
> The NIST website lists the OpenSSL fips library on the "historical"
> list. There are about 15 Android-related configurations ending with
> Android 5.0 in 2018. So that is out. It doesn't exist, but
> hypothetically the sort of thing that would be suitable is: an OpenSSL
> fips build that ran on most current Android phones, was validated on
> some of them, and for which the validation deltas were done once a year
> or something. It doesn't have to be OpenSSL.
>
> Any pointers?
>
https://en.wikipedia.org/wiki/Bouncy_Castle_(cryptography)#Certified_releases
Bouncy Castle seems exactly what you want. FIPS 140-2 level 1 certified, Java or C#.
Both languages see major use on Android.
As an aside, I'd suggest avoiding doing native code work on Android. It is possible
but the platform was not meant for it.