Make a Android application use FIPS 140-2 valiated cryptography

|▌冷眼眸甩不掉的悲伤 提交于 2019-12-10 08:09:39

问题


I have client who wants our application to use FIPS 140-2 validated cryptography. The app uses Okhttp and does some HTTPS requests. AFAIK Android uses OpenSSL C library and uses java wrapper javax/net/ssl.

Questions:

  1. How to make android Application FIPS 140 -2 Complaint?

  2. Is it not android at stack(OS) level should use FIPS Compliant OpenSSL, hence all app are default FIPS 140 -2 Compliant?

  3. Or our app should use FIPS 140-2 validated cryptography and make java javax/net/ssl to use it? Feasible?

  4. Is there a FIPS 140-2 JCE library which can be pluggable to OKhttp?

Thanks


回答1:


Modified OKHTTP and OKIO code to use the WolfSSL java wrappers and made it work.

Now any https requests made will go to WolfSSL layer instead of stock android BoringSSL/OpenSSL.



来源:https://stackoverflow.com/questions/38353513/make-a-android-application-use-fips-140-2-valiated-cryptography

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!