FIPS 140-2 Inquiry Regarding XML Encryption from Krug, Jeff on 2011-12-02 (public-xmlsec-comments@w3.org from December 2011)

From: Krug, Jeff <Jeff.Krug@gtri.gatech.edu>
Date: Fri, 2 Dec 2011 05:49:52 +0000
To: "public-xmlsec-comments@w3.org" <public-xmlsec-comments@w3.org>
Message-ID: <3842CE277812C547BCEC106B7EC20B5761F9DD38@apatlisdmbx02>

GTRI is trying to ascertain authoritatively whether the use of RSA-OAEP for key transport within XML encryption is considered FIPS 140-2 compliant. FIPS PUB 140-2 Annex D specifies that the key transport algorithms from NIST SP 800-56B are acceptable key establishment techniques. NIST SP 800-56B specifies RSA-OAEP is acceptable.  What seems to confuse the issue is that Annex A limits what is acceptable from from RSA's PKCS v2.1 standard.  Additionally there is a great deal of FIPS documentation pushing for the use of SHA2 or better (although it's not clear if that push impacts key transport the same way it impacts digital signatures).  These variations are making it hard to determine if the key transport mechanism (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) described in section 5.4.2 of http://www.w3.org/TR/xmlenc-core/ would be considered FIPS compliant.

I noticed in the latest draft of the standard, the mask generating function may be changed from mgf1sha1 to use SHA2s, but I'm primarily interested in the specific implementation defined in 2002.

Thanks,
Jeff

Received on Friday, 2 December 2011 15:37:06 UTC