0

We're working on getting our Android app FedRAMP certified and are looking for a solution to encrypt our database with a FIPS-validated cryptographic provider. SQLCipher offers this capability, but only as part of their expensive enterprise edition. We're considering using AndroidKeystore, as some resources suggest that when hardware-backed security is unavailable, it uses BoringCrypto internally, which is a FIPS-140-2 validated module. However, other sources mention that software-based cryptography in AndroidKeystore could potentially rely on libraries like OpenSSL or BoringSSL, which are not FIPS validated. Could you clarify which cryptographic module AndroidKeystore will use if hardware-backed security is not available? Any additional insights on achieving SQLite database encryption for FIPS compliance in Android would be greatly appreciated. Thank you in advance!

Improve this question
1
  • Do you target standard Google Android devices or custom AOSP devices? For the first hardware security is as far as I know mandatory. Commented Apr 4 at 20:13
Related questions
4056
Proper use cases for Android UserManager.isUserAGoat()?
10
FIPS Compliance for my Android project
0
Android App FIPS Compliance on Samsung device equipped with FIPS BoringSSL
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.