GO LANG FIPS :
BORING - CRYPOT : FIPS cert
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4407
https://boringssl.googlesource.com/boringssl/+/master/crypto/fipsmodule/FIPS.md
Documentation Explanation :
https://medium.com/cyberark-engineering/navigating-fips-compliance-for-go-applications-libraries-integration-and-security-42ac87eec40b
FIPS only module :
https://github.com/golang/go/blob/go1.19.3/src/crypto/tls/fipsonly/fipsonly.go
add code :
in package main :
import _ "crypto/tls/fipsonly"
Document, how to look for FIPS :
https://kupczynski.info/posts/fips-golang/
// CGO enabled is to enable running c * must have thi s
Build
GOEXPERIMENT=boringcrypto CGO_ENABLED=1 go build
// verify :
https://stackoverflow.com/questions/75638176/how-can-i-check-whether-my-golang-app-uses-boringcrypto-instead-of-the-native-go
https://kupczynski.info/posts/fips-golang/
nm - name list
go tool nm main | grep -E 'sig.FIPSOnly|sig.BoringCrypto|sig.StandardCrypto'
go tool nm file-server | grep -i boring/sig
No comments:
Post a Comment