Page MenuHome GnuPG

FIPS compliant RSA OAEP encryption
Open, NormalPublic


The FIPS 140-3 approves Key Transport Method using RSA-OAEP in NIST SP 800-56Brev2 [1].

In order to achieve the NIST SP 800-56Brev2 compliance, several checks must be implemented by the module which especially include assurances for the key pair owner (56Brev2 Section 6.4.1) and assurances for the public key recipient (56Brev2 Section 6.4.2). This might not be easy to achieve for a software module, but if I am right, this is now implemented in OpenSSL.

Therefore we consider for the FIPS mode any public key encryption/decryption interfaces non-approved. If we would like to revisit this in the future and certify public key encryption using RSA-OAEP, the above requirements need to be met.




Event Timeline

werner triaged this task as Normal priority.Oct 19 2022, 7:54 AM
werner added a subscriber: werner.

So, this is only for OAEP but not for ECDH? FWIW, GnUPG uses OAEP only for S/MIME.

Please note that: libgcrypt offers ECDH functionality by gcry_pk_encrypt/gcry_pk_decrypt to construct OpenPGP public-key encryption/decryption.

This is a bit confusing for libgcrypt users, API-wise.