GSA/piv-guides

use of FIPS mode

Closed this issue · 2 comments

One should be using FIPS crypto on a platform used for PIV (e.g. that computer you'd run Firefox on).

Perhaps it would be useful to document what you need to do to ensure the computer you're running on is appropriately configured to support use of PIV-approved crypto. (Vendors get mixed messages about whether this is common knowledge among govvies; thus maybe it would be worthwhile to document it in this venue.)

References (Docs, Links, Files):

Perhaps a new user guide entry on use of PIV-approved crypto algorithms/features and, e.g., how to make sure your Windows .NET platform is enabled for FIPS 140 use.

Link to the Content Page for Contributors:

To add a few thoughts:

Crypto with PIV for RSA or ECC operations is handled by the card. Ciphertext in, plaintext out, and vice versa.

For other operations such as digesting or random number generation, these are dependent on the platform, the middleware, and the software used.

I.e., Adobe warnings regarding SHA-1 due to dated middleware.

Closing issue; all affected crypto functions are handled on card given all documentation associated with PIV user guides.