The Latest Addition to SafeLogic’s Growing Cryptographic Software Catalog, this New Product Allows BoringCrypto Developers to Obtain FIPS 140-3 Certificates in their Company’s Name in Just 3-4 Months, and includes SafeLogic’s Software and Certification Maintenance and Support
SafeLogic is proud to announce the general availability (GA) release of CryptoComply BoringCrypto v1.1, production-ready, FIPS-validated cryptographic software that is drop-in compatible with Google’s proven BoringCrypto implementation. Unique in the BoringCrypto ecosystem, SafeLogic enables BoringCrypto developers to obtain a FIPS 140-3 certificate from NIST in their own company’s name in just 3-4 months, subject to NIST CMVP timelines, while also benefiting from SafeLogic’s software and certification maintenance and support. SafeLogic provides cryptography, validation, and lifecycle maintenance so BoringCrypto developers can stay compliant, secure, and ready for federal procurements with minimal hassles.
Google’s BoringCrypto is widely used across high-security systems, cloud-native platforms, and modern, large-scale applications. Organizations choose BoringCrypto because it offers proven security in large-scale production systems, high-performance optimized for modern CPUs, cloud-native compatibility, and modern TLS implementations. Organizations using BoringCrypto and wishing to have FIPS 140-3 certification in their name must either follow the 2+ year, risky, and complex process for getting a FIPS 140-3 certificate, or hope that following a risky ‘FIPS certified’ strategy will not result in blocked federal procurements.
CryptoComply BoringCrypto is drop-in compatible with Google’s BoringCrypto and comes bundled with SafeLogic’s RapidCert and MaintainCert services. As with all other CryptoComply products, CryptoComply BoringCrypto customers will receive a FIPS 140-3 certificate in their company's name from NIST within 3-4 months, subject to NIST CMVP timelines. Furthermore, SafeLogic will ensure the certificate remains in active status with NIST until its sunset date. In addition, CryptoComply BoringCrypto customers receive enterprise support as part of SafeLogic’s MaintainCert offering.
FIPS Validated versus FIPS Compliant
Many people assume these are synonyms. With FIPS, they are not. In fact, there is a huge difference between the two. FIPS 140 Validated means your company's cryptography module has passed a formal testing process with a NIST-approved lab and NIST’s CMVP program. You receive a certificate in your name from NIST verifying your cryptography module has been FIPS 140-3 validated.
Some claim that using another company’s certified module constitutes 'FIPS compliant’ or 'FIPS inside'. But compliance is not always good enough. Government procurement agents may block the acquisition of FIPS compliant products because they cannot verify which cryptography module the product actually uses. In addition, compliance today may not be compliance tomorrow if someone else’s module becomes noncompliant (e.g., goes historical). For example, a major Linux distribution let the cryptography module in one of its older operating system versions go historical when it declared the operating system End-of-Life and no longer supported. Historical certificates cannot be used for new government acquisitions.
For any organization serious about serving the public sector or regulated markets, having its own CMVP certificate confirms:
CryptoComply BoringCrypto gives BoringCrypto users a direct path to their own certificate, without the complexity and delays of a traditional multi-year validation timeline. SafeLogic handles the lifecycle, so they stay secure, validated, and ready for government opportunities.
Availability and Support
CryptoComply BoringCrypto v1.1 for Linux and Android are available today from SafeLogic upon request. Both are fully supported by SafeLogic’s proven, enterprise-class, commercial-grade product support team.
For More Information
For more information on this new product, check out the CryptoComply BoringCrypto page on the SafeLogic website, contact your existing SafeLogic representative, or email sales@safelogic.com.