FIPS Utility

MFT supplies a utility that enables you to easily enable or disable FIPS mode because BouncyCastle FIPS mode is more restrictive and more difficult to implement.

To implement BouncyCastle FIPS mode, you must first install MFT in a non-FIPS mode. If you are using IBM Java, you should enter N when prompted if you want to use FIPS mode; this prompt is for IBM FIPS only. On UNIX, the utility is a fips.sh script while on Windows, the utility is a fips.bat script. The scripts are distributed in the root directory of the MFT distribution.

The FIPS utility has three functions:

  1. Test: Create a report on FIPS compatibility.

  2. Enable: Turn on FIPS mode.

  3. Disable: Turn off FIPS mode.