Our company is working on getting FIPS validation for the iOS app and is in the initial phase. We have decided to use private FIPS-certified libraries in the crypto modules. I have some questions regarding that.
- If I include the fipscanister and the OpenSSL TLS libraries in the build and use only the TLS library's FIPS-certified crypto calls, can I say the app is FIPS-validated? If not, what else should I do? (We use a variation of the device UDID as the encryption key for the AES encryption, since the app is not a password-based app.)
- I heard something like an integrity check. What does it mean?
- Do I have to change anything in the build process apart from these changes?
- I read somewhere that for Android, there must be an external key to the crypto module, which is used to generate an internal key with the use of a FIPS-approved CSPRNG to encrypt and decrypt the data. Does the same requirement apply to iOS too?