Limiting the Use of FIPS 186-2

New guidance from the National Institute of Standards and Technology (NIST) regarding the use of Digital Signatures will be impacting a number of FIPS 140-2 validations in the near future. This guidance will send many vendor certifications to the dreaded Historical list; NIST specifically outlines that Federal agencies should not include products listed on the Historical site for new procurements.

Background

Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In January of 2000, NIST published the FIPS 186-2, Digital Signature Standard (DSS) which specified a suite of algorithms which could be used to generate a digital signature. In 2009 FIPS 186-2 was replaced by FIPS 186-3 which was in turn replaced by FIPS 186-4 in 2013. The latest iteration raises the minimum modulus size for most signature function to 2048 bits but continued to allow for a 1024-bit modulus for digital signature verification as a legacy function.

Because of this legacy function, algorithm testing against FIPS 186-2 has continued along with testing against the newer standard.

To ensure the cryptographic modules adhere to the newer standard, NIST has issued Implementation Guidance (IG) G.18 – Limiting the Use of FIPS 186-2. This IG extended the transition date to two months after ACVP Transition Date and clarified which modules will be moved to the historical list, and the methods to remain on (or be moved back to) the active list.

IG G.18 Impact

NIST has released the following information which will impact those companies leveraging FIPS 186-2:

1. Algorithm testing of signature verification implementations for their compliance with FIPS 186-2 will continue to be allowed for legacy purposes. The CAVP will stop validation testing to all other functions of FIPS 186-2 (including key generation and signature generation) on July 1, 2020.
2. On September 1, 2020, the CMVP will place modules on the historical list that were CAVP tested for the following:
   • FIPS 186-2 RSA SigGen when the modulus size is lower than 4096 – Modules that support testing to FIPS 186-4 SigGen at 2048 and/or 3072 bits and FIPS 186-2 RSA SigGen at 4096 bits only will not be moved to the historical list. It will be assumed to be done as an added assurance rather than claiming compliance to FIPS 186-2.
   • FIPS 186-2 RSA KeyGen at all modulus sizes – Modules that support testing to FIPS 186-2 RSA KeyGen will be moved to the historical list on the date referenced above

Products that leverage an internal FIPS module which support FIPS 186-2 KeyGen / SigGen will either need to be updated by the owner of the validation or the module will need to be replaced.

This guidance also relates to some of the confusion surrounding archiving of FIPS 140-2 validations that utilize OpenSSL FIPS Object Modules. It has been announced that support for these modules will not continue and they will be retired.

Solution

The good news is there are ways to correct the issue and keep your certification on the validated modules list. Depending on your scenario, you could correct the issue through a 1SUB or 3SUB.

Contact Corsec to discuss your resolution path.