Endpoint Encryption

  • 1.  Enabling FIPS mode

    Posted Apr 12, 2011 07:25 AM

    From the documentation I can see that you can force PGP Command Line to use FIPS mode (FIPS 140-2 approved algorithms only) using two possible settings.

    --fips-mode|--fips on the command line itself.

    or

    PGP_FIPS_MODE=True

    This tells the PGPsdk to run in FIPS mode.

    I've also seen some comments on the forums about setting this in the PGPprefs.xml file, but that was specifically in relation to its use on PGP Desktop, and adding the following to my PGPprefs.xml file has so far had no effect.

        <key>FIPSmode</key>
        <true></true>
     

    The forum post referred to a ClientPrefs section but my file doesn't have one.  Is it possible to set this mode in the prefs file for command line and if so how, or is it just easier to use the command line tag or environment variable?

    Regards,

    Chris Swallow
    Technical Architect
    Atos Origin IT Services (UK) Ltd



  • 2.  RE: Enabling FIPS mode
    Best Answer

    Posted Apr 12, 2011 08:58 AM

    Hello,

    PGP Command Line only accepts the configuration file variables listed in Appendix A "Configuration File Variables" of the PGP Command Line documentation.

    It is not possible to configure FIPS mode through the configuration file; the only options are the ones you listed:

    • Using the argument --fips-mode
    • Using the argument --fips
    • Setting the environment variable PGP_FIPS_MODE to 'true'

    .andi



  • 3.  RE: Enabling FIPS mode

    Posted May 06, 2011 03:45 PM

    Hi,

    How much of a performance impact is there when using FIPS 140-2 mode in PGP WDE/Desktop?

     

    Thanks.



  • 4.  RE: Enabling FIPS mode

    Posted May 06, 2011 05:11 PM

    In WDE/Desktop, enabling the FIPS 140-2 operational tests will incur a very slight startup penalty (as the system runs through its self tests).

    (Note this is more a question for one of the other forums.)