Native FIPS support in Go 1.24+ for easier compliance

  • Go 1.24 and FIPS: In February, Go released version 1.24 with enhanced cryptographic libraries for FIPS compliance. It simplifies and streamlines development for government-regulated industries by integrating FIPS compliance directly into the core and eliminating dependency on third-party libraries.

    • FIPS Overview: FIPS are U.S. government security requirements for data protection and encryption developed by NIST. Achieving FIPS compliance requires implementing FIPS-compliant libraries and getting them certified.
    • Challenges Before 1.24: Before 1.24, achieving FIPS compliance in Go was complex due to reliance on external libraries from different vendors, creating fragmentation.
  • Go's Native FIPS Support: With Go 1.24, native FIPS-compliant cryptographic libraries are introduced in the standard library, providing broader compatibility, eliminating reliance on external libraries, and simplifying compliance processes. It is being tested by CMVP-accredited laboratories.
  • Go HTTP Server Example: A simple HTTP server code is provided to demonstrate building and validating FIPS libraries. Compiling with and without FIPS support is shown using different commands and tools.
  • Using BoringSSL (Pre-1.24): Compiling for FIPS with BoringSSL requires adding a build flag. The go tool nm command can show which FIPS-enabled libraries are linked into the binary, but there is a limitation: dependent libraries may still be non-FIPS compliant.
  • Go Support Strict Mode: By importing crypto/tls/fipsonly, strict FIPS mode can be enabled. In this mode, compilation fails if incompatible libraries are used.
  • Using Go Cryptography Module (1.24+): From 1.24, FIPS support is enabled at runtime without special compilation flags, and the result can be verified with the go tool. To enable FIPS mode at runtime, set environment variables such as GOFIPS=1 or GODEBUG=fips140=on. Strict FIPS mode can be enabled with GODEBUG=fips140=only.
  • Conclusion: Go 1.24 simplifies FIPS compliance and is likely to become the preferred choice for federal application development as it continues to evolve.
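The server example in the talk is not reproduced on this page, so the following is an added illustration (not the speaker's code) of the runtime-mode item above: a small HTTPS server that reads the fips140 setting from GODEBUG the way the summary describes, fails fast at startup when a deployment requires FIPS mode but the process was launched without it, and exposes the effective mode on a status endpoint so an operator or a health probe can confirm it. The REQUIRE_FIPS variable, the /fips path, the cert.pem/key.pem file names and the choice of cipher suites are assumptions made for this example. On a Go 1.24 toolchain the authoritative check is crypto/fips140.Enabled(); the example parses GODEBUG itself so it also builds on older toolchains.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"os"
	"strings"
)

// fipsModeFromGODEBUG extracts the fips140 setting from a GODEBUG string of the
// form "key=value,key=value". It returns "on", "only" or "off"; an absent or
// unrecognised value means "off". If the key appears more than once the last
// occurrence wins (the example's own rule; see lead-in).
func fipsModeFromGODEBUG(godebug string) string {
	mode := "off"
	for _, kv := range strings.Split(godebug, ",") {
		k, v, ok := strings.Cut(kv, "=")
		if !ok || strings.TrimSpace(k) != "fips140" {
			continue
		}
		switch v = strings.TrimSpace(v); v {
		case "on", "only":
			mode = v
		default:
			mode = "off"
		}
	}
	return mode
}

// startupCheck returns an error when the deployment demands FIPS mode but the
// runtime was started without it, so a misconfigured instance refuses to serve
// instead of silently handling traffic with non-validated crypto.
func startupCheck(godebug string, requireFIPS bool) error {
	mode := fipsModeFromGODEBUG(godebug)
	if requireFIPS && mode == "off" {
		return fmt.Errorf("FIPS mode required but GODEBUG=%q selects fips140=%s", godebug, mode)
	}
	return nil
}

// strictTLSConfig pins TLS 1.2+ and a conservative ECDHE/AES-GCM cipher list
// (an assumption for this example). With GODEBUG=fips140=only the runtime
// enforces its own approved set regardless of this configuration.
func strictTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion:       tls.VersionTLS12,
		CurvePreferences: []tls.CurveID{tls.CurveP256, tls.CurveP384},
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		},
	}
}

// fipsStatusHandler reports the effective mode so a probe can verify it.
func fipsStatusHandler(godebug string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "fips140=%s\n", fipsModeFromGODEBUG(godebug))
	}
}

func main() {
	godebug := os.Getenv("GODEBUG")
	requireFIPS := os.Getenv("REQUIRE_FIPS") == "1" // hypothetical deployment knob
	if err := startupCheck(godebug, requireFIPS); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/fips", fipsStatusHandler(godebug))
	srv := &http.Server{Addr: ":8443", Handler: mux, TLSConfig: strictTLSConfig()}
	fmt.Println("listening on :8443")
	// cert.pem and key.pem are placeholder file names for this example.
	if err := srv.ListenAndServeTLS("cert.pem", "key.pem"); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

Run it as `REQUIRE_FIPS=1 GODEBUG=fips140=on go run .` to see the service start, and with REQUIRE_FIPS=1 but no GODEBUG setting to see it exit before binding the port; `curl -k https://localhost:8443/fips` then shows the mode the process is actually running in, which is the value worth alerting on in production.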