FIPS: Legacy Mix-Up
An Update on IG G.18 and the Transition from 186-2
19 December 2019
Recently, the Cryptographic Module Validation Program (CMVP) sent out a set of revisions to its Implementation Guidance (IGs) for review. Implementation Guidance G.18, "Limiting the Use of FIPS 186-2," is to extend the use date of FIPS 186-2 to mirror the Automated Cryptographic Validation Protocol (ACVP) effective date, July 1, 2020. At that time, using the Automated Cryptographic Validation Testing System (ACVTS) will be the only means of obtaining algorithm certificates.
The Cryptographic Algorithm Validation Program (CAVP) has disallowed FIPS 186-2 capabilities for RSA for the non-approved for use key sizes 1024 and 1536 for both key and signature generation. On September 1, 2020, the CMVP will place on the historical list modules that were CAVP tested for FIPS 186-2 RSA signature generation (SigGen) and key generation (KeyGen). If SigGen is tested with only a 4096-bit modulus, then the implementation will not be moved to the historical list. The testing is regarded as an additional assurance. For modules implementing only 186-2 functionality, it means the RSA, DSA and ECDSA algorithms will be moved to the historical list so that functionality can no longer be claimed by the module after the deadline.
If a module is at risk of moving to the historical list due to this transition, the IG allows for ways to return it to the active list. Methods range from documentation changes and administrative updates sent to the CMVP, to new testing performed under the ACVP, to actual module changes and retesting.
This implementation guidance allows algorithm testing of signature verification implementations for their compliance with FIPS 186-2 for legacy purposes. We recommend that all modules implementing RSA, DSA or ECDSA using FIPS 186-2 transition the algorithms to be compliant with FIPS 186-4.