Encryption/Decryption meeting FIPS PUB 140-2 for Delphi 5

Onionsinger used Ask the Experts™
I am author of an electronic medical record program written in Delphi 5 which now is required to support encryption and decryption that meets "FIPS PUB 140-2", i.e.
National Institute of Standards and Technology,
(1) Annex A: Approved Security Functions for FIPS PUB 140-2, Security Requirements for
Cryptographic Modules, Draft, January 27, 2010, IBR approved for §170.210

I know next to nothing about the field of encryption.

What products are available that can take a string or a file and encrypt/decrypt it that meets this government standard and that I can integrate with my EMR? (It doesn't have to necessarily compile into Delphi 5 if I can call it as a standalone program).

I read some of the other questions already answered on this site but I don't know which solutions actually meet this government standard.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

CryptoSys API

Supports Secure Hash Algorithm SHA-1 and complies with FIPS PUB 140-2...
Dave HoweSoftware and Hardware Engineer

The master list is here:


Many libraries have a FIPS mode, but are not certified for usage.  I use OpenSSL (which is free and certified) but that is not a Delphi library, but a C++ one.
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.


I found a product, DCPCrypt which appears to support multiple forms of encryption and works with Delphi 5. It supports Blowfish, Cast128, Cast256, DES,  3 DES, ICE, Thin ICE, ICE 2, IDEA, MARS, MISTY 1, RC2, RC4, RC6, RijnDael, Serpent, Tea, and Twofish.

1. Which of these (if any) are compliant with FIPS PUB 140-2?
2. Of those which are compliant, which are most robust?
3. Is there a recommended length to use for the passphrase when encrypting?
1.  not sure about fips pub.. I suppose its in the spec.
2. I tend to like rc4 rc5 rjindael, and 3des
3. bigger and weirder the better
Software and Hardware Engineer
RijnDael - its the real name of AES - is going to be your best bet. However, DCPCrypt is NOT FIPS certified, so even using AES isn't going to make yours a FIPS product. 3DES is also acceptable for FIPS but is "harder" in software than AES, and less secure.

you should try to ensure that the passphrase has sufficient bits of entropy that it will match the keysize - so for a 128 bit key, you want 128 bits of entropy. enforcing upper and lower case plus at least one symbol gives you about 5 bits of entropy per character, but less (of course) if there are recognisable dictionary words in there. always hash the passphrase before use - that gets you a key of the right size, and helps hide some of the more obvious bitmappings.


Thanks for the quick response!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial