CAVP: Frequently asked questions

• How do I go about getting an algorithm validated?
• Where can I find out more about the program?
• What algorithms and modes are tested?

How do I go about getting an algorithm validated?
10 steps for cryptographic algorithm validation:

1. Sign an NDA / contract with atsec
2. Obtain additional information required (Information for NIST certificate form, affidavit for testing)
3. Provide customer with test vectors for algorithms
4. Receive test results from customer
5. Verify test results
6. Iterate with customer until pass status is achieved
7. Obtain from customer assurance that tests were performed using the defined implementation (we have a form letter)
8. Submit results for validations to the CAVP (NIST)
9. Assuming all is well, results are posted to the official web site. (generally takes about 6 weeks)
10. Paper Certificates follow in about 2-3 months signed by both US and Canadian Govt.

[up] 

Where can I find out more about the program?
Further help for the program can be obtained from NIST at
http://csrc.nist.gov/groups/STM/cavp/index.html
and in the CAVP FAQ at
http://csrc.nist.gov/groups/STM/cmvp/faqs.html

Also the FIPS 140-2 implementation guidance can be of help in algorithm validation questions.
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

[up] 

What algorithms and modes are tested?
The definitive list of the algorithms tested are those algorithms that are FIPS approved and NIST recommended at

http://csrc.nist.gov/groups/STM/cavp/index.html

(In addition atsec can offer implementation testing for RC4. This is completely outside the NIST Cryptographic Algorithm Program. Our results are not validated by NIST, nor are they certified.)

[up]