
FIPS 140-2 Mode and Key Size Requirement in MFT 5.7.x

Posted: Mon Jun 18, 2018 2:53 pm
by Support_Philip
Question:

What changes need to be made to accommodate the new FIPS provider library in MFT 5.7.x?

Answer:

When running FIPS in MFT version 5.7.0 and later, there are minimum key size requirements for RSA keys. Any services in MFT that use SSL certificates or SSH keys (HTTPS, FTPS, SFTP, for example) will need to utilize RSA key sizes of 2048 bits or larger. You may need to create a new key pair with an RSA key that is 2048 bits (or higher) and replace the existing key for the service in order to be FIPS 140-2 compliant as well as adhere to the new FIPS 140-2 library. Here is an example of an RSA 2048-bit SSH key, as well as an SSL certificate:
Image
Image

Re: FIPS 140-2 Mode and Key Size Requirement in MFT 5.7.x

Posted: Fri Jun 05, 2020 5:20 pm
by Support_Tim
Please note: In order for your trading partners' SFTP clients to get a new RSA key, you will need to disable the DSA key in the Server > Host Keys configuration. Currently, FIPS mode will not block the attempt to use a DSA key, but the connection will fail.
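
The two checks described in the posts above (RSA keys of at least 2048 bits, and no DSA host key), as an added example that is not part of the original posts or the vendor's tooling. It assumes the SSH keys are available in OpenSSH public-key format; the helper `_constructed_line` and its sample keys are built from made-up integers, not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # minimum RSA size stated in the first post


def _read_string(blob, offset):
    """Read one RFC 4251 length-prefixed field; return (bytes, next offset)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def audit_public_key(line):
    """Classify one OpenSSH public-key line (e.g. from a .pub file)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, offset = _read_string(blob, 0)
    key_type = key_type.decode("ascii")
    if key_type != fields[0]:
        raise ValueError("key type label does not match key blob")
    if key_type == "ssh-dss":
        return ("ssh-dss", None, "FAIL: DSA key, disable or replace with RSA")
    if key_type == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
        verdict = "OK" if bits >= MIN_RSA_BITS else "FAIL: RSA key below 2048 bits"
        return ("ssh-rsa", bits, verdict)
    return (key_type, None, "SKIP: not covered by this check")


def _constructed_line(key_type, *integers):
    """Build a structurally valid line from made-up integers (not a real key)."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode()
    for value in integers:
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # mpint, leading 0x00
        blob += struct.pack(">I", len(raw)) + raw
    return f"{key_type} {base64.b64encode(blob).decode()} constructed-sample"


if __name__ == "__main__":
    for n_bits in (2048, 1024):
        print(audit_public_key(_constructed_line("ssh-rsa", 65537, (1 << (n_bits - 1)) | 1)))
    print(audit_public_key(_constructed_line("ssh-dss", 7, 5, 3, 2)))
```

Running `audit_public_key` over each line of an exported public key file gives a quick list of keys to regenerate before enabling FIPS mode.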