
SHA-1, AES and 3DES: is SecureBridge FIPS 140.2 compliant?

Posted: Sun 20 Jun 2010 18:06
by JayM
Platform: Using Delphi Rad Studio 2007 on Windows XP SP3 and Vista
Reference: http://csrc.nist.gov/groups/STM/cmvp/do ... al-all.htm
Requirement: FIPS 140.2 compliant encryption
========
My application obtains/creates sensitive data in PLAIN TEXT that it MUST save to file using *** FIPS 140.2 compliant encryption ***.

The URL above lists FIPS VALIDATED modules. Windows CryptoAPI is a validated module.

Questions:
1. Key Question: Does SecureBridge use Windows CryptoAPI for SHA-1, AES and Triple DES encryption? If no, does it use FIPS 140.2 validated code?
2. If yes, can it encrypt/decrypt plain text of any size (most of my needs are trivial - in the range of 100 KB to 200 KB of plain text; occasionally larger)?
3. [NOT so important but good to have] Encrypted data in #2 will be saved to file and decrypted when read back from file. Does SecureBridge provide any functionality to save/load while performing encryption/decryption on the way?

Thank you

Posted: Mon 21 Jun 2010 10:14
by Dimon
Now SecureBridge is not FIPS compliant. It doesn't use Windows CryptoAPI for encryption. We are using our own implementation of these algorithms. Also SecureBridge doesn't provide components to encrypt/decrypt data, but it supports SSH and SSL algorithms.

Posted: Mon 21 Jun 2010 14:23
by JayM
Dimon: Thank you for your prompt reply.

Is anyone interested in writing or sharing Delphi code for a small fee using Windows CryptoAPI? As noted in my original message, I need an encryption/decryption implementation using CryptoAPI for Triple DES and/or AES 128 algorithms - preferably both.

If interested please write to me privately: mavi [dot] SupraVISTA [at] gmail.com

(I have figured out how to do this for MD5 and SHA-1 hashing using CryptoAPI, so don't need that. I am using JEDI WCrypt2.)

Note for Dimon: I am sure you are well aware of the BUSINESS significance of FIPS compliance (both for SecureBridge and your [potential] customers) since government is the largest purchaser of health-care IT and of all IT products in general. So, I hope you will consider this in your spare time :idea:

Posted: Tue 22 Jun 2010 10:03
by Dimon
Thank you for your inquiry. We will investigate the possibility of adding this functionality in the future. As soon as we solve this question we will let you know.