Users Guide

Use Cert-J in FIPS-140 Mode in Compliance with FIPS 140-2 Requirements 3

RSA BSAFE Cert-J 6.2.4 Troubleshooting Guide

Use Cert-J in FIPS-140 Mode in Compliance with FIPS

140-2 Requirements

To ensure that Cert-J is used in the FIPS 140 mode in compliance with FIPS 140-2

requirements, complete the following:

• Use the correct jar file:

– For non-Android environments, use the

jcmFIPS.jar file

– For Android environments, use the

jcmandroidfips.jar file.

• Set the initial FIPS-140 mode of operation security property

com.rsa.cryptoj.fips140initialmode to one of:

–

FIPS140_MODE (default)

–

FIPS140_SSL_MODE.

For further details, see Customization Using the System and Security Properties.

For more information about using Cert-J on Android in FIPS-140 mode, see

Introduction to Cert-J > Android in the RSA BSAFE Cert-J Developer Guide.

Decrease the Time Taken for Cryptographic Operations

Cert-J relies on the operating system to provide the entropy needed for seeding the

SecureRandom object used for cryptographic operations. These operations can take

an unusually long time if the operating system is unable to provide sufficient entropy.

RSA recommends using a Hardware Security Module with Cert-J for generating the

entropy.

Refer to the “Welcome to the Crypto-J Toolkit > Introduction to Crypto-J >

Hardware Operations” section of the RSA BSAFE Cert-J Developers Guide.