Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for FIPS series #285

Open
aurabindo opened this issue Jul 13, 2021 · 2 comments
Open

Support for FIPS series #285

aurabindo opened this issue Jul 13, 2021 · 2 comments

Comments

@aurabindo
Copy link

Both Yubico 4 and 5 series has separate FIPS version listed in the official website. Are the FIPS versions of v4 and v5 supported as well? It would be useful to clarify this in the readme.
@tony-iqlusion
Copy link
Member

That's an interesting question. Unfortunately we don't have the FIPS devices to test against.

The ciphersuites supported by YubiKeys are all FIPS-approved algorithms. Hypothetically it could work, but we would really need someone to test against an actual hardware device to know for sure.

@joostd
Copy link
Contributor

joostd commented Feb 4, 2025

Running

cargo test -- --ignored --skip generate_self_signed_rsa_cert

on a YubiKey 4 FIPS (fw 4.4.5) passes. The reason generate_self_signed_rsa_cert fails is that RSA 1024 is not FIPS 140-2 approved (Changing to RSA2048 does pass).

Willing to test on a newer YubiKey 5 FIPS as soon as #589 is merged (TDES is not FIPS 104-3 approved).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@joostd @aurabindo @tony-iqlusion