Testing BouncyCastle FIPS Mode

The FIPS test checks for key sizes, keystore types, encryption algorithms and hashing/message digest algorithms. The "test" function produces a report called fips-report.txt in the current working directory. The report shows the components that fail FIPS testing and will therefore not work in FIPS approved mode.

Procedure

  • Enter one of the following commands:
    • On Windows: fips test
    • On UNIX: ./fips.sh test
    The file fips-report.txt is created and shows the components that are FIPS compatible and the components that are not FIPS compatible. The FIPS test reports on the following capabilities:
    • Keystore status: tests the server HTTPS private key
    • PGP system keys
    • PGP user/server public keys
    • AS2 system keys
    • Protocol user/server public keys
    • Cipher suites
      • HTTPS cipher suites
      • SSL cipher suites
    The PGP System Keys, PGP User/Server Public Keys, AS2 System Keys and Protocol User/Server Public Keys sections each display a status column. This column has one of three values:
    Value     Description
    Pass      The protocol and key size conform to FIPS guidelines and work in FIPS mode.
    Fail      The protocol and key size do not conform to FIPS guidelines and do not work in FIPS mode.
    Action    The protocol and key size conform to FIPS guidelines and work in FIPS mode. However, an action must be taken to make this key work. The action generally consists of making sure that after running the FIPS Enable script, you configure the software to use the FIPS supported key.