FIPS Validation
NSS FIPS 140 validation
Softoken is a component of NSS, and has a separate version number. The most recent FIPS validated Softoken is 3.12.4 and is in NSS 3.12.4 and NSS 3.12.5 and NSS 3.12.6. Binaries are available | here.
NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, 2007 and 2009. View | NSS FIPS validation history here. View the FIPS2009 validation here.
This page documents our current NSS FIPS 140 validation.
Updates
April 2010 NSS Softoken has finished its validation NSS Certs
Platforms for 2011
- Level 1
- RHEL 6 x86 32 bit (no AES-NI)
- RHEL 6 x86 64 bit
Algorithms
Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms.
| Algorithms | Key Size | Modes | Certificates |
|---|---|---|---|
| TripleDES | KO 1,2,3 (56,112,168) |
TECB(e/d; KO 1,2,3) |
Pending] |
| AES | 128/192/256 |
ECB(e/d; 128,192,256) |
Pending |
| SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512) |
SHA-1 (BYTE-only) |
N/A |
Pending |
| HMAC |
HMAC-SHA1, HMAC-SHA256, |
KeySize < BlockSize, |
Pending |
| DRBG | N/A |
Hash_DRBG of NIST SP 800-90 |
Pending |
| DSA | 512-1024 |
PQG(gen)MOD(1024); |
Pending |
| RSA | 1024-8192 |
ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver); |
Pending |
| ECDSA
(Extended ECC) |
163-571 |
PKG: CURVES( ALL-P ALL-K ALL-B ); |
Not In 2011 Validation |
| ECDSA
(Basic ECC) |
256-521 |
PKG: CURVES( ALL-P P-256 P-384 P-521 ); |
Not In 2011 Validation |
Dependant Bugs
| Bug | Description | Completed |
|---|---|---|
Testing Lab
FIPS 140 Information
NIST Cryptographic Module Validation Program
NSS FIPS 140-2 Validation Docs
NSS FIPS 140-2 Validation Docs
FIPS 140-2 Derived Test Requirements (DTR)
FIPS 140-2 Derived Test Requirements (DTR)
Vendor Information
This validation is supported and maintained by the following corporations:
Red Hat, Inc.: http://www.redhat.com/about/contact/