GPG is FIPS 140-2 compliant (though pass itself might not be, depending on the s... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dsacco on July 21, 2017 \| parent \| context \| favorite \| on: Pass: A standard Unix password manager GPG is FIPS 140-2 compliant (though pass itself might not be, depending on the specific way it's used). Most likely pass would have to use GPG in a specific FIPS-compliant mode to pursue validation.

Spooky23 on July 21, 2017 [–]

GPG has a FIPS mode that will use FIPS 140-2 primitives.

But you'll have a finding an audit in some circumstances as it hasn't been validated. I've seen cases where they'll miss that if it's running on RHEL, but it's a risk.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact