Page MenuHome GnuPG
Create Task
Maniphest T6489

GPG 2.4.0 encrypted files in FIPS mode is non-compliant
Closed, ResolvedPublic
Actions

Description

Hi,

We found out that files encrypted in FIPS mode is FIPS non-compliant.

Repro: generate gpg keys in non-FIPS mode. Switch to FIPS mode and attempt to encrypt a file. The encrypted file will be in OCB mode.

Best,
Vicky Wu

Details

Version
GPG 2.4.0

Event Timeline

vicwuqinyi created this task.May 15 2023, 4:40 PM
werner closed this task as Resolved.May 15 2023, 8:51 PM
werner claimed this task.
werner edited projects, added FIPS, gnupg, Not A Bug; removed Bug Report.
werner added a subscriber: werner.

GnuPG is and can't be FIPS-140-3 compliant due to the way it is implemented. We may eventually employ the new hash-and-sign API of Libgcrypt to move into this direction but that has not yet been done. However, this also requires the use of the new indicator API and the, well, a RedHat kernel.