GPG 2.4.0 encrypted files in FIPS mode is non-compliant
Closed, Resolved, Public

Description

Hi,

We found out that files encrypted in FIPS mode are FIPS non-compliant.

Repro: generate gpg keys in non-FIPS mode. Switch to FIPS mode and attempt to encrypt a file. The encrypted file will be in OCB mode.

Best,
Vicky Wu

Details

Version
GPG 2.4.0

Event Timeline

werner claimed this task.
werner edited projects, added FIPS, gnupg, Not A Bug; removed Bug Report.
werner added a subscriber: werner.

GnuPG is not and can't be FIPS-140-3 compliant due to the way it is implemented. We may eventually employ the new hash-and-sign API of Libgcrypt to move into this direction but that has not yet been done. However, this also requires the use of the new indicator API and the, well, a Red Hat kernel.
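
To check which container an encrypted file actually uses, as in the repro in the report, the OpenPGP packet headers can be read directly: GnuPG writes OCB output as an AEAD Encrypted Data packet (tag 20), while the older CFB-with-MDC format is tag 18. The Python below is an added example, not part of this thread or of GnuPG; the function names and sample bytes are constructed, and it assumes binary (non-armored) input.

```python
# Added example: report which encryption container a binary OpenPGP message uses.
# Function names and sample bytes are hypothetical/constructed for illustration.
TAG_SEIPD = 18   # Sym. Encrypted Integrity Protected Data (CFB + MDC)
TAG_AEAD = 20    # AEAD Encrypted Data packet, used by GnuPG for OCB output
AEAD_OCB = 2     # AEAD algorithm id for OCB inside a tag-20 packet

def read_packets(data):
    """Yield (tag, body) for each top-level packet in a binary OpenPGP message."""
    pos = 0
    while pos < len(data):
        first, pos = data[pos], pos + 1
        if not first & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
        body = bytearray()
        if first & 0x40:                       # new-format header
            tag, last = first & 0x3F, False
            while not last:
                o, pos = data[pos], pos + 1
                last = True
                if o < 192:                    # one-octet length
                    n = o
                elif o < 224:                  # two-octet length
                    n, pos = ((o - 192) << 8) + data[pos] + 192, pos + 1
                elif o == 255:                 # four-octet length
                    n, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
                else:                          # partial length: more chunks follow
                    n, last = 1 << (o & 0x1F), False
                body += data[pos:pos + n]
                pos += n
        else:                                  # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 3
            size = 0 if ltype == 3 else 1 << ltype   # type 3: runs to end of input
            n = int.from_bytes(data[pos:pos + size], "big") if size else len(data) - pos
            body += data[pos + size:pos + size + n]
            pos += size + n
        yield tag, bytes(body)

def encryption_modes(data):
    """Return one label per encrypted-data packet: 'OCB', 'AEAD algo N' or 'CFB+MDC'."""
    modes = []
    for tag, body in read_packets(data):
        if tag == TAG_AEAD and len(body) >= 3:  # body: version, cipher, AEAD algo, ...
            modes.append("OCB" if body[2] == AEAD_OCB else f"AEAD algo {body[2]}")
        elif tag == TAG_SEIPD:
            modes.append("CFB+MDC")
    return modes

# Constructed samples: a dummy session-key packet (tag 1) followed by the data packet.
SAMPLE_OCB = bytes.fromhex("8403030000" "d4e201090216" "03aabbcc")
SAMPLE_CFB = bytes.fromhex("8403030000" "d204" "01aabbcc")
```
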