问题
I have client who wants our application to use FIPS 140-2 validated cryptography. The app uses Okhttp and does some HTTPS requests. AFAIK Android uses OpenSSL C library and uses java wrapper javax/net/ssl.
Questions:
How to make android Application FIPS 140 -2 Complaint?
Is it not android at stack(OS) level should use FIPS Compliant OpenSSL, hence all app are default FIPS 140 -2 Compliant?
Or our app should use FIPS 140-2 validated cryptography and make java javax/net/ssl to use it? Feasible?
Is there a FIPS 140-2 JCE library which can be pluggable to OKhttp?
Thanks
回答1:
Modified OKHTTP and OKIO code to use the WolfSSL java wrappers and made it work.
Now any https requests made will go to WolfSSL layer instead of stock android BoringSSL/OpenSSL.
来源:https://stackoverflow.com/questions/38353513/make-a-android-application-use-fips-140-2-valiated-cryptography