Implement FIPS-compatible crypto for Windows using platform-native crypto library #476
Comments
Windows work is happening at https://github.com/microsoft/go-crypto-winnative
Any update here? I'm very interested in this work! I tried following the link provided and it returns a 404.
The Windows support for FIPS is still under way. Had to pause it briefly to work on a different project but that has completed and we're back to getting our Windows FIPS implementation completed.
Curious: where are you planning on using this? Trying to get a better sense of the people / projects that are taking a dependency on this work.
That should be
The repo is now public. 🎉
@jaredpar Sure! I have a few projects where I need to deploy FIPS-enabled Go microservices on Windows hosts at the edge of unreliable networks to comply with security requirements (FIPS 140-2). Currently I use BoringCrypto toolchains to compile the Go microservices with FIPS and run them on Linux-based virtual machines or Docker containers. But being able to run these services natively on the Windows hosts without requiring Linux virtual machines or Docker containers would greatly reduce the compute usage and also simplify the deployment architecture.
Use a native Windows crypto library (CNG) to implement Go's crypto library in the boring branches, so we can rely on the native library's FIPS compatibility.
This is the same approach we took on Linux, where we rely on OpenSSL crypto's FIPS compatibility.
Progress: