J.R. Sitman

asked on

# Is Open PGP, FIPS 140-2 compliant?

We are looking for a secure printing solution and I need to verify that Open PGP is FIPS 140-2 compliant?

ASKER CERTIFIED SOLUTION

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

ASKER

Any chance either of you would have a diagram of the flow for this?

My boss asked.

My boss asked.

Maybe help to clarify what is the "flow" that you meant?You mean PGP workflow?

how PGP works:

The mathematics behind encryption can get pretty complex (though you can take a look at the math if you like), so here we’ll stick to the basic concepts. At the highest level, this is how PGP encryption works:

how PGP works:

The mathematics behind encryption can get pretty complex (though you can take a look at the math if you like), so here we’ll stick to the basic concepts. At the highest level, this is how PGP encryption works:

- First, PGP generates a random session key using one of two (main) algorithms. This key is a huge number that cannot be guessed, and is only used once.
- Next, this session key is encrypted. This is done using the public key of the intended recipient of the message. The public key is tied to a particular person’s identity, and anyone can use it to send them a message.
- The sender sends their encrypted PGP session key to the recipient, and they are able to decrypt it using their private key. Using this session key, the recipient is now able to decrypt the actual message.

ASKER

That might be what he wants. Thank you I'll send it to him and let you know

ASKER

Thanks

https://www.openpgp.org/about/standard/

https://datatracker.ietf.org/doc/html/rfc6637#section-12.2

Open in new window

## IETF RFCs