Implement FIPS 140-2 with openssl

huangapple go评论69阅读模式
英文:

Implement FIPS 140-2 with openssl

问题

我想使用openssl和FIPS 140-2来加密和解密文件。

源操作系统:ubuntu 18.04。
我已按照以下步骤进行操作:
1)卸载了现有的openssl版本。
2)下载了openssl-3.1.0.tar.gz,并使用以下命令进行编译(./configure,make,make install)。
3)现在我已经下载了openssl-fips-2.0.16.tar.gz,并使用以下命令进行编译(./configure,make,make install)。
4)导出OPENSSL_FIPS=/root/openssl-fips-2.0.16
5)从openssl-3.1.0文件夹中执行以下命令以启用openssl使用fips模块./config --prefix=/usr/local/ssl enable-fips,然后进行make和make install。
6)现在,如果我执行以下命令,我在openssl version -a中看不到任何fips版本,同时openssl rand -fips 32 > aes_key.bin给我一个rand: Unknown option: -fips的错误。

不确定我是否操作正确。

英文:

I want to use openssl with fips 140-2 to encrypt and decrypt files.

Source OS: ubuntu 18.04.
I have followed below steps:

  1. I have uninstalled the existing openssl version.
  2. Downloaded openssl-3.1.0.tar.gz, and compiled it with following commands (./configure,make, make install).
  3. Now i have downloaded openssl-fips-2.0.16.tar.gz, and compiled with following commands (./configure,make, make install)
  4. export OPENSSL_FIPS=/root/openssl-fips-2.0.16
  5. executed the command from openssl-3.1.0 folder to enable openssl use fips module ./config --prefix=/usr/local/ssl enable-fips following make and make install.
  6. Now if i execute followi command i am not seeing any fips version in openssl version -a,
    also openssl rand -fips 32 > aes_key.bin gives me rand: Unknown option: -fips
    this error.

Not sure if i am doing it correct.

答案1

得分: 1

以下是翻译好的部分:

"Followed below steps to install.

  1. Downloaded openssl-3.1.0.tar.gz, and compile it with following commands (./configure, make, make test, make install)
  2. To Enable fips to used alongside with openssl use below commands (./config fips enable-fips, Make, Make install openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib64/ossl-modules/fips.so)
  3. couple of changes in openssl.conf mentioned as here openssl"

请注意,我只提供了翻译,不包含问题回答或其他内容。

英文:

Followed below steps to install.

  1. Downloaded openssl-3.1.0.tar.gz, and compile it with following commands (./configure,make,make test, make install)
  2. To Enable fips to used alongside with openssl use below commands (./config fips enable-fips,Make,Make install
    openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib64/ossl-modules/fips.so)
  3. couple of changes in openssl.conf mentioned as here openssl

huangapple
  • 本文由 发表于 2023年4月17日 16:14:30
  • 转载请务必保留本文链接:https://go.coder-hub.com/76033013.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定