Thursday, 4 December 2014

Encryption key requirements for FIPS compliance in Android



Our company is trying to get FIPS level 1 validation for our Android app. We are in the initial phase of research into this. The only thing that we encrypt is the user password, which is AES-encrypted with the DeviceId as the key. We are planning to use a FIPS-certified private library for this process.



  • So if we replace the current encryption module with the library's AES encryption, would the app be good enough for FIPS validation?


  • Are there any requirements for the encryption key? I do not see anything in the FIPS requirements here. Does using the device ID (I know it is not a good encryption key generally, but still) in any way break compliance with FIPS?






