June 2016 | SafeLogic

Archive for June, 2016

17 Jun 2016

Format-Preserving Encryption (FPE) in ‘FIPS Approved’ Mode

Vertical_Lock_ShortThe FIPS 140-2 Implementation Guidance (A.10) now includes vendor affirmation requirements for the format-preserving encryption schemes (FF1, FF3) specified in SP 800-38G.

As its name suggests, format-preserving encryption transforms plaintext to ciphertext of the same format and length. For example, format-preserving encryption may be used for a legacy application that needs to protect 16-digit credit card numbers and 9-digit social security numbers in a database without having to change their storage allocations. FPE has saved a lot of headaches in these use cases, as you can imagine.

For ‘FIPS Approved’ operation, until Cryptographic Algorithm Validation Program (CAVP) testing becomes available specifically for FPE, vendors will need to complete CAVP testing for the underlying AES algorithm, make documentation updates, and affirm compliance to SP 800-38G. Alternatively, SafeLogic can help you strategize and complete this process as easily as possible.

If you have a customer requirement to provide format-preserving encryption with FIPS 140-2 validation, then please contact us today.