Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-9248

Add option to certificate serial number generator to use a FIPS/SP800 BC hybrid entropy source

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.4.1
    • Component/s: None
    • Labels:
    • Provenance:
      Internal Delivery
    • Issue discovered during:
      Another issue

      Description

      BCSP800Hybrid implements a FIPS/SP800 compliant DRBG chain. After initial seed generation the base source uses a
      separate thread to gather seed and a core DRBG to satisfy any requests for seed material while it waits.
      There is no noticeable performance difference using this algorithm, so it could be used instead of the default to prove a FIPS compliant method in use.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tomas Tomas Gustavsson
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Jekaterina Bunina
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 hours
                  2h
                  Remaining:
                  Remaining Estimate - 2 hours
                  2h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified