FIPS-compliant security package

includes a Federal Information Processing Standards (FIPS) 140-2 compliant package for JCE (Java™ Cryptographic Extension) called IBMJCEFIPS. IBMJCEFIPS supports FIPS-approved cryptographic operations through Java APIs.

The IBMJCEFIPS package can be used with the simple password CSM or with the encryption CSM.

To use the FIPS package, add the IBMJCEFIPS provider to the list of security providers in the Java virtual machine file java.security, which is in the jre/lib/ext directory where the Java runtime environment is installed

You must specify the IBMJCEFIPS provider at a higher preference order than any non-FIPS security providers in the java.security file. The order is 1-based, meaning that 1 is the most preferred, followed by 2, and so on.

For example:

security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.2=com.ibm.crypto.fips.provider.IBMJCE

Make sure that the IBMJCEFIPS has a higher preference order than the IBMJCE provider.

No changes to applications are needed for the HCL OneDB™ JDBC Driver to use the FIPS-compliant cryptographic package.

The certified JCE FIPS guide (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp497.pdf) contains more information about the security policy that is provided by the cryptographic module, and describes how the module is designed to meet FIPS 140-2 compliance.