Using FIPS 140-2 Cryptographic Modules in a Mobile App
The Federal Information Processing Standard Publication 140-2 (FIPS 140-2) is a U.S. government computer security standard used to approve cryptographic modules.
This Knowledge Base article provides a survey of Appdome’s FIPS functionality and explains how to add FIPS 140-2 Cryptographic modules to any mobile app – instantly, without coding.
We hope you find it useful and enjoy using Appdome!
About adding FIPS 140-2 Cryptographic Modules to a Mobile App
Adding FIPS 140-2 Cryptographic Modules is part of the Appdome Mobile Security Suite. You can find it under TOTALDataTM Encryption. Appdome uses the FIPS 140-2 certified versions of the commercially available encryption libraries. These libraries (OpenSSL’s libcrypto and libssl) have themselves undergone FIPS certification.
Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs, and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily implement FIPS 140-2 Compliant Cryptographic Modules to any mobile app – instantly, no code or coding required.
Prerequisites for using Appdome to Enhance Apps with FIPS 140-2
In order to use Appdome’s no code implementation of FIPS 140-2 on Appdome, you’ll need:
How to Enable FIPS 140-2 Compliance in Fused Applications
Follow these step-by-step instructions to enable FIPS 140-2 compliance.
Upload a Mobile App to Your Account
- Go to the Build tab.
- Select the Security tab.
- Expand TOTALDataTM Encryption.
- Enable FIPS 140-2 Cryptographic Modules.
- Click Build My App.
Note: the FIPS 140-2 Cryptographic Modules toggle, also appears under Secure Communication, when Trusted Session is enabled:
FIPS 140-2 and Fused Applications on Appdome
The following Appdome features make use of FIPS 140-2 compliant cryptography:
- Appdome’s TOTALData™Encryption makes use of FIPS 140-2 compliant RNG to generate unique IVs (Initial Vectors), and the AES256 block-cipher.
- Appdome’s Trusted session inspection uses FIPS 140-2 compliant certificate and certificate-chain verification methods (
X509_verify_cert). In addition, only FIPS 140-2 compliant encryption and hash algorithms will be used in the said handshake.
- Appdome’s Copy/Paste protection makes use of FIPS 140-2 compliant RNG to generate unique IVs (Initial Vectors), and the AES256 block-cipher.
- Appdome’s Checksum validation computes and verifies only using FIPS 140-2 approved checksum algorithms (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224and SHA-512/256).
- Appdome encrypts the strings and resources of the application using FIPS 140-2 compliant RNG to generate unique IVs (Initial Vectors), and the AES256 block-cipher.
- Appdome’s Non-native code obfuscation makes use of FIPS 140-2 compliant RNG to generate unique IVs (Initial Vectors), and the AES256 block-cipher.
Appdome uses only FIPS 140-2 compliant cryptographic functions when establishing TLS connections. When used in Session Hardening mode, the outward facing connection will be established using FIPS 140-2 cryptographic functions, so in effect, this makes all outgoing TLS connections FIPS 140-2 compliant.
- Appdome’s Cross-App ID encrypts the shared state using FIPS 140-2 compliant RNG to generate unique IVs (Initial Vectors), and the AES256 block-cipher.
After Adding FIPS 140-2 to a Mobile App on Appdome
After you have enabled FIPS 140-2 compliance, there are a few additional steps needed to complete your mobile integration project. Read this Knowledge Base article to learn what to do after you successfully Fuse an app. It explains both optional steps and required steps.
That is it – Enjoy Appdome with FIPS 140-2 enabled in your app!
How Do I Learn More?
If you have any questions, please send them our way at email@example.com or via the chat window on the Appdome platform.