Reference Guide

4 How to Use Crypto-J in a FIPS 140-2 Compliant Way

RSA BSAFE Crypto-J 6.2.5 FIPS 140 Compliance Guide

Crypto-J Configuration

To operate Crypto-J in compliance with Security Level 1 FIPS 140-2 requirements,

use the

jcmFIPS-6.2.5.jar file. No configuration change is required.

The default values of the following security properties ensure that Crypto-J is FIPS

140-2 compliant:

To maintain FIPS 140-2 compliance, change these properties only for the scenarios

listed below:

• Set

com.rsa.cryptoj.fips140auth to LEVEL2 for Security Level 2.

• Set

com.rsa.cryptoj.fips140initialmode to FIPS140_SSL_MODE for

TLS 1.1 or earlier only.

FIPS 140-2 compliance in NOT maintained if

com.rsa.cryptoj.fips140initialmode is set to any value other than

FIPS140_MODE or FIPS140_SSL_MODE.

Note: FIPS140_ECC_MODE and FIPS140_SSL_ECC_MODE are

deprecated.

For further detail, see the Introduction To Crypto-J -> System and Security

Properties section of the RSA BSAFE Crypto-J Developers Guide.

Key and Critical Data Zeroization

Crypto-J users should take care to zeroize Critical Security Parameters when they are

no longer needed. For more information on clearing sensitive data, see the Clearing

Sensitive Data sections in the RSA BSAFE Crypto-J Developers Guide.

• com.rsa.cryptoj.fips140auth LEVEL1

• com.rsa.cryptoj.fips140initialmode FIPS140_MODE