
FIPS 140-2 module

Blue Cedar uses a FIPS 140-2 level 1 cryptographic module to validate its cryptographic algorithms. To achieve this level of certification, the FIPS module has passed both the Cryptographic Module Validation Program (CMVP) and Cryptographic Algorithm Validation Program (CAVP) tests. As mandated by the FIPS 140-2 level 1 standard, the module must perform a power-up self-test to ensure that the module has not been tampered with. If this power-up self-test fails, the app does not run. This test may cause a slight delay when launching the app; the length of the delay depends on the processing power of your device.

Securing your app in FIPS mode is optional. If the FIPS mode is not used, the cryptographic module does not perform a power-up self-test.

Policies that use FIPS

Blue Cedar FIPS CMVP certification applies to these policies:

  • Secure Microtunnel processing, including certificate cryptographic processing, authenticity, encryption, and randomization bits.
  • Encrypted Data at Rest encryption and decryption, including SQLite and iOS's Core Data framework.
  • Local App Authentication, except biometric authentication.

Blue Cedar FIPS does not apply in these cases:

  • Any TLS or SSL traffic
  • Biometric authentication (Service Key on iOS, CryptoBlob on Android)

The Mobile User Experience

When the FIPS policy is enabled, the FIPS 140-2 module performs a series of self-tests of the supported cryptographic algorithms to make sure the Blue Cedar Cryptographic Library has not been tampered with. The device user may notice a delay of a few seconds because the module is being loaded.

If the self-testing process succeeds, then the app operates normally.

If the self-testing process fails, then an error message appears and the app exits.
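
The fail-closed power-up self-test described above, sketched as an added example; this is not Blue Cedar's code. It pairs known-answer tests against published SHA-256 and HMAC-SHA-256 vectors with an HMAC integrity check over a module image; the image, key, and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Public known-answer vectors: SHA-256("abc") and RFC 4231 test case 2.
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
HMAC_TC2 = "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"

# Constructed sample data standing in for the module binary and its build-time MAC.
INTEGRITY_KEY = b"constructed-integrity-key"
MODULE_IMAGE = b"\x7fELF constructed module image bytes"
EXPECTED_MAC = hmac.new(INTEGRITY_KEY, MODULE_IMAGE, hashlib.sha256).digest()


class SelfTestError(Exception):
    """Raised when any power-up self-test fails."""


def known_answer_tests() -> dict:
    """Run each algorithm on a fixed input and compare with the published output."""
    mac = hmac.new(b"Jefe", b"what do ya want for nothing?", hashlib.sha256)
    return {
        "SHA-256": hashlib.sha256(b"abc").hexdigest() == SHA256_ABC,
        "HMAC-SHA-256": mac.hexdigest() == HMAC_TC2,
    }


def integrity_ok(image: bytes) -> bool:
    """Recompute the MAC over the module image and compare in constant time."""
    actual = hmac.new(INTEGRITY_KEY, image, hashlib.sha256).digest()
    return hmac.compare_digest(actual, EXPECTED_MAC)


def power_up_self_test(image: bytes) -> None:
    """Collect every failing check, then raise once so the cause is reported."""
    failed = [name for name, ok in known_answer_tests().items() if not ok]
    if not integrity_ok(image):
        failed.append("integrity")
    if failed:
        raise SelfTestError("self-test failed: " + ", ".join(failed))


def launch(image: bytes) -> str:
    """Fail closed: no cryptographic service is offered unless every test passes."""
    try:
        power_up_self_test(image)
    except SelfTestError as exc:
        return f"exit ({exc})"
    return "running"
```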

Enable the FIPS policy via the web interface (UI) or the REST API:

Configure a Blue Cedar Virtual Gateway to use FIPS:
