[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Cryptography] FIPS 140 validated crypto module on Android?

We need a FIPS 140-2 validated crypto module on Android mobile devices to do some simple encryption. Does anyone know of an available such module?

One issue for the provider is of course that there are many hardware platforms/models -- Samsung, Motorola, Google Pixel, etc. There are also many versions of the OS.

Ideally, there would be some module that was validated on most, or at least some, of the current configurations, and the module validation would be updated regularly for the newer phones/OS-versions.

The NIST website lists the OpenSSL fips library on the "historical" list. There are about 15 Android-related configurations ending with Android 5.0 in 2018. So that is out. It doesn't exist, but hypothetically the sort of thing that would be suitable is: an OpenSSL fips build that ran on most current Android phones, was validated on some of them, and for which the validation deltas were done once a year or something.It doesn't have to be OpenSSL.

Any pointers?


The cryptography mailing list
cryptography AT metzdowd.com