PDA

View Full Version : Apple FIPS Cryptographic Module




Filini
Jun 25, 2011, 10:01 PM
Hi all, guys anybody tell me, what is it Apple FIPS Cryptographic Module http://support.apple.com/kb/DL1372 this is single a software app or used with hardware modules, if yes which one?
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2011.htm the table display vendors which used this soft?
Just interesting for what this soft)) For example, i can used this soft for crypto my mail?



Nikh
Jun 26, 2011, 02:25 AM
This module is certified for use in environments (governments, for instance), where FIPS-140 compliant cryptography is required by security policy.
It just library, which will perform all cryptographic operations (signing/encryption), like other ones, except that it will make it in the way described in FIPS-140

Filini
Jun 26, 2011, 03:17 AM
Where i can see examples, how to use this library?

mycompuser
Jul 6, 2012, 01:52 AM
This module is certified for use in environments (governments, for instance), where FIPS-140 compliant cryptography is required by security policy.
It just library, which will perform all cryptographic operations (signing/encryption), like other ones, except that it will make it in the way described in FIPS-140

I have tried to understand this FIPS-140 compliant cryptography but not sure if my understanding is right.

I have listed my understanding of this link (http://support.apple.com/kb/HT5239) below.

This cryptography module is used to enforce security in the Apple OS using standard defined by FIPS 140-2. Does this happen by encrypting all the user info related files in the OS? Or is it only for third party application.

And for third party application, how does it achieve the security by consuming this cryptography module? Does an app use this crypto module to encrypt all it's config files/user related info thereby complying with this standard? Or is there something else to it?

Please do help me understand this.

Thanks & Regards.

gnasher729
Jul 6, 2012, 08:58 AM
This cryptography module is used to enforce security in the Apple OS using standard defined by FIPS 140-2. Does this happen by encrypting all the user info related files in the OS? Or is it only for third party application.

Nothing like that at all. There are functions for cryptography built into MacOS X. Software can use these functions. But you don't really know if all these functions work as intended, and whether the cryptography is really safe. That's what this is for: This cryptography module has been independently tested and verified by people who know what they are doing, so you know as a software developer that anything encrypted with this cannot be cracked. And the administrator tools let you verify that on a particular Mac, the right cryptography software is installed, and hasn't been replaced with something that is less safe.

So basically this just guarantees that cryptography on MacOS X isn't written by some clueless numpty and can be cracked, but is as safe as it can be. You still need software that uses it.

mycompuser
Jul 6, 2012, 09:56 AM
So basically this just guarantees that cryptography on MacOS X isn't written by some clueless numpty and can be cracked, but is as safe as it can be. You still need software that uses it.

Hi gnasher729,

Now I kinda get it. Basically cryptography module is an build-in framework provided by Mac OSX (following FIPS-140 encryption standard) for applications to encrypt/decrypt the data that they want to secure.

Is this encryption/decryption module available in Security.framework framework?

gnasher729
Jul 6, 2012, 07:31 PM
Hi gnasher729,

Now I kinda get it. Basically cryptography module is an build-in framework provided by Mac OSX (following FIPS-140 encryption standard) for applications to encrypt/decrypt the data that they want to secure.

Is this encryption/decryption module available in Security.framework framework?

To get started, go to developer.apple.com, get the free developer account, then check out the WWDC 2012 videos. There is one 1 hour video about everything related to security, including Security.framework.

mycompuser
Jul 8, 2012, 11:56 PM
To get started, go to developer.apple.com, get the free developer account, then check out the WWDC 2012 videos. There is one 1 hour video about everything related to security, including Security.framework.

I already have an account. Will try the same.
Thanks for the lead. :D