This page was not yet optimized for use on mobile devices.

HID/Mercury FIPS Provider for OpenSSL 3

Certificate #4923

Webpage information

Status	active
Validation dates	18.12.2024 , 20.08.2025
Sunset date	10-07-2029
Standard	FIPS 140-3
Security level	1
Type	Software
Embodiment	Multi-Chip Stand Alone
Caveat	No assurance of the minimum strength of generated SSPs (e.g., keys).
Exceptions	Physical security: N/A Non-invasive security: N/A Life-cycle assurance: Level 3
Description	The HID/Mercury FIPS Provider for OpenSSL 3 is a secure cryptographic module that enhances the cryptographic capabilities of HID and Mercury intelligent controllers, complying with the FIPS 140-3 standard. It integrates seamlessly with OpenSSL 3 to offer advanced encryption, decryption, hashing, and key management functions, ensuring high performance and robust security. Designed to meet stringent industry requirements, this provider ensures that all cryptographic operations are executed securely and efficiently, making it ideal for applications demanding the highest level of security assurance.
Vendor	[email protected]
References	This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Webpage

Security policy

Security target PDF TXT

Symmetric Algorithms

AES-128, AES-192, AES-256, AES, CAST, HMAC, KMAC, CMAC

Asymmetric Algorithms

ECDSA, EdDSA, ECC, DHE, DSA

Hash functions

SHA-1, SHA2, SHA3-224, SHA3-384, SHA3-512, SHA3-256, SHA-3, SHA3, SHAKE128, SHAKE256, PBKDF

Schemes

MAC, Key agreement, Key Agreement, AEAD

Protocols

SSH, SSHv2, TLS v1.2, TLS v1.3, TLS 1.3, TLS, TLS 1.2

Randomness

DRBG, RBG

Libraries

OpenSSL

Elliptic Curves

P-224, P-256, P-384, P-521, P-192, B-233, B-283, B-409, B-571, K-233, K-283, K-409, K-571, B-163, K-163

Block cipher modes

CTR, GCM, CCM

JavaCard API constants

ED25519, ED448

Trusted Execution Environments

PSP, SSC

Vendor

STMicroelectronics

Security level

Level 1

Side-channel analysis

timing attacks

Standards

FIPS 140-3, FIPS 186-4, FIPS186-4, FIPS 186-5, FIPS 198-1, FIPS 180-4, FIPS 202, FIPS186-5, SP 800-140D, SP 800-90B, SP 800-38A, SP 800-38C, SP 800-38D, SP 800-38F, SP 800-38E, SP 800-56A, SP 800-56C, SP 800-135, SP 800-108, SP 800-132, SP 800-56B, SP 800-38B, SP 800-185, SP 800-90A, SP 800-133, SP 800-52, SP 800-57, SP 800-186, SP 800-107, PKCS 1, RFC7627, RFC 5288, RFC 5647, RFC 8446, RFC8446, ISO/IEC 19790:2012

File metadata

Author	Hawes, David J. (Fed)
Creation date	D:20250820085946-04'00'
Modification date	D:20250820090109-04'00'
Pages	45
Creator	Acrobat PDFMaker 25 for Word
Producer	Adobe PDF Library 25.1.51

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates Feed

15.12.2025

The certificate data changed.
Certificate changed

The web extraction data was updated.

The validation_history property was updated, with the [[1, {'_type': 'sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry', 'date': '2025-08-20', 'validation_type': 'Update', 'lab': 'Acumen Security'}]] values inserted.

The state was updated.

The following values were inserted: {'policy_json_hash': None}.

The following properties were deleted: ['policy_convert_garbage'].
08.09.2025

The certificate data changed.
Certificate changed

The web extraction data was updated.

The validation_history property was updated.
25.08.2025

The certificate data changed.
Certificate changed

The PDF extraction data was updated.

The keywords property was updated, with the {'fips_certlike': {'__update__': {'Certlike': {'__insert__': {'HMAC-SHA-1': 6, 'SHA-1': 16, 'SHA2-224': 18, 'SHA2-256': 25, 'SHA2-384': 21, 'SHA2-512': 24, 'SHA3-224': 5, 'SHA3- 256': 2, 'SHA3-384': 5, 'SHA3-512': 8, 'SHA3-256': 8, 'SHA-3': 3, 'SHA2- 256': 2, 'AES-128': 7, 'AES-192': 6, 'AES-256': 6}}}}, 'vendor': {'__update__': {'STMicroelectronics': {'__update__': {'STMicroelectronics': 5}}}}, 'symmetric_crypto': {'__update__': {'AES_competition': {'__update__': {'AES': {'__insert__': {'AES-128': 7, 'AES-192': 6, 'AES-256': 6}}}}, 'constructions': {'__update__': {'MAC': {'__update__': {'HMAC': 20}}}}}}, 'hash_function': {'__update__': {'SHA': {'__insert__': {'SHA1': {'SHA-1': 16}}, '__update__': {'SHA3': {'__insert__': {'SHA3-224': 5, 'SHA3-384': 5, 'SHA3-512': 8, 'SHA3-256': 8, 'SHA-3': 3}}}}, 'PBKDF': {'__update__': {'PBKDF': 9}}}}, 'crypto_scheme': {'__update__': {'MAC': {'__update__': {'MAC': 36}}}}, 'crypto_protocol': {'__update__': {'SSH': {'__update__': {'SSH': 3}}}}, 'randomness': {'__update__': {'PRNG': {'__update__': {'DRBG': 34}}}}, 'ecc_curve': {'__insert__': {'NIST': {'P-224': 32, 'P-256': 30, 'P-384': 26, 'P-521': 26, 'P-192': 8, 'B-233': 14, 'B-283': 14, 'B-409': 14, 'B-571': 14, 'K-233': 14, 'K-283': 14, 'K-409': 14, 'K-571': 14, 'B-163': 4, 'K-163': 4}}}, 'crypto_library': {'__update__': {'OpenSSL': {'__update__': {'OpenSSL': 56}}}}, 'tee_name': {'__insert__': {'IBM': {'SSC': 1}}}, 'standard_id': {'__insert__': {'NIST': {'SP 800-140D': 1, 'SP 800-90B': 2, 'SP 800-38A': 10, 'SP 800-38C': 1, 'SP 800-38D': 4, 'SP 800-38F': 3, 'SP 800-38E': 2, 'SP 800-56A': 12, 'SP 800-56C': 7, 'SP 800-135': 9, 'SP 800-108': 2, 'SP 800-132': 7, 'SP 800-56B': 8, 'SP 800-38B': 1, 'SP 800-185': 3, 'SP 800-90A': 5, 'SP 800-133': 7, 'SP 800-52': 1, 'SP 800-57': 5, 'SP 800-186': 3, 'SP 800-107': 1}}, '__update__': {'FIPS': {'__insert__': {'FIPS 140-3': 22, 'FIPS 186-4': 13, 'FIPS186-4': 38, 'FIPS 186-5': 6, 'FIPS 198-1': 11, 'FIPS 180-4': 7, 'FIPS186-5': 4}}, 'RFC': {'__update__': {'RFC7627': 3}}}}} data.

The policy_metadata property was updated, with the {'pdf_file_size_bytes': 790536, 'pdf_number_of_pages': 45, '/Author': 'Hawes, David J. (Fed)', '/CreationDate': "D:20250820085946-04'00'", '/Creator': 'Acrobat PDFMaker 25 for Word', '/ModDate': "D:20250820090109-04'00'", '/Producer': 'Adobe PDF Library 25.1.51', '/Title': '', 'pdf_hyperlinks': {'_type': 'Set', 'elements': ['https://keypair.us/']}} data.

The state was updated.

The policy_pdf_hash property was set to 20c49e1df616925b2418eb1d0a29a9f3d6678b3a11fe1ffb4bf8ac212241e4cb.

The policy_txt_hash property was set to edd589f72591097b9e862ee2d27b434fc8fc54787c4a36da8c6f30ceadb5919c.
19.05.2025

The certificate data changed.
Certificate changed

The web extraction data was updated.

The vendor_url property was set to /cdn-cgi/l/email-protection.

The vendor property was set to [email protected].
21.04.2025

The certificate data changed.
Certificate changed

The PDF extraction data was updated.

The keywords property was updated, with the {'vendor': {'__update__': {'STMicroelectronics': {'__update__': {'STMicroelectronics': 7}}}}, 'tee_name': {'__delete__': ['IBM']}} data.

The policy_metadata property was updated, with the {'pdf_file_size_bytes': 669209, '/CreationDate': "D:20250121075504-08'00'", '/ModDate': "D:20250121075504-08'00'", '/Title': 'Microsoft Word - HID FIPS 140-3 Security Policy_Output_V1.1.docx'} data.

The state was updated.

The policy_pdf_hash property was set to f1dcffe8d1c1123a8c39619088724013f9f63f7cdd059c1957ae544b4708eb34.

The policy_txt_hash property was set to ee9b25eb9d73a7fddc8153f9d8d9dad1c1ee3502dcd8f3ab0b9e3d05ba419fcb.
04.04.2025

The certificate data changed.
Certificate changed

The PDF extraction data was updated.

The keywords property was updated, with the {'crypto_protocol': {'__update__': {'SSH': {'__insert__': {'SSHv2': 2}}}}} data.
24.02.2025

The certificate data changed.
Certificate changed

The web extraction data was updated.

The exceptions property was updated.
23.12.2024

The certificate was first processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4923,
  "dgst": "66132b1c601d1f2c",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": []
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "3"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 8
          },
          "ECDSA": {
            "ECDSA": 23
          },
          "EdDSA": {
            "EdDSA": 4
          }
        },
        "FF": {
          "DH": {
            "DHE": 1
          },
          "DSA": {
            "DSA": 23
          }
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CCM": {
          "CCM": 1
        },
        "CTR": {
          "CTR": 3
        },
        "GCM": {
          "GCM": 3
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 56
        }
      },
      "crypto_protocol": {
        "SSH": {
          "SSH": 3,
          "SSHv2": 2
        },
        "TLS": {
          "TLS": {
            "TLS": 3,
            "TLS 1.2": 1,
            "TLS 1.3": 1,
            "TLS v1.2": 4,
            "TLS v1.3": 5
          }
        }
      },
      "crypto_scheme": {
        "AEAD": {
          "AEAD": 1
        },
        "KA": {
          "Key Agreement": 1,
          "Key agreement": 17
        },
        "MAC": {
          "MAC": 36
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "B-163": 4,
          "B-233": 14,
          "B-283": 14,
          "B-409": 14,
          "B-571": 14,
          "K-163": 4,
          "K-233": 14,
          "K-283": 14,
          "K-409": 14,
          "K-571": 14,
          "P-192": 8,
          "P-224": 32,
          "P-256": 30,
          "P-384": 26,
          "P-521": 26
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES-128": 7,
          "AES-192": 6,
          "AES-256": 6,
          "HMAC-SHA-1": 6,
          "PKCS 1": 4,
          "SHA-1": 16,
          "SHA-3": 3,
          "SHA2": 1,
          "SHA2- 256": 2,
          "SHA2-224": 18,
          "SHA2-256": 25,
          "SHA2-384": 21,
          "SHA2-512": 24,
          "SHA3": 1,
          "SHA3- 256": 2,
          "SHA3-224": 5,
          "SHA3-256": 8,
          "SHA3-384": 5,
          "SHA3-512": 8
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 3
        }
      },
      "hash_function": {
        "PBKDF": {
          "PBKDF": 9
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 16
          },
          "SHA2": {
            "SHA2": 1
          },
          "SHA3": {
            "SHA-3": 3,
            "SHA3": 1,
            "SHA3-224": 5,
            "SHA3-256": 8,
            "SHA3-384": 5,
            "SHA3-512": 8
          }
        },
        "SHAKE": {
          "SHAKE128": 1,
          "SHAKE256": 1
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {
        "curves": {
          "ED25519": 4,
          "ED448": 4
        }
      },
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 34
        },
        "RNG": {
          "RBG": 3
        }
      },
      "side_channel_analysis": {
        "SCA": {
          "timing attacks": 2
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 22,
          "FIPS 180-4": 7,
          "FIPS 186-4": 13,
          "FIPS 186-5": 6,
          "FIPS 198-1": 11,
          "FIPS 202": 6,
          "FIPS186-4": 38,
          "FIPS186-5": 4
        },
        "ISO": {
          "ISO/IEC 19790:2012": 3
        },
        "NIST": {
          "SP 800-107": 1,
          "SP 800-108": 2,
          "SP 800-132": 7,
          "SP 800-133": 7,
          "SP 800-135": 9,
          "SP 800-140D": 1,
          "SP 800-185": 3,
          "SP 800-186": 3,
          "SP 800-38A": 10,
          "SP 800-38B": 1,
          "SP 800-38C": 1,
          "SP 800-38D": 4,
          "SP 800-38E": 2,
          "SP 800-38F": 3,
          "SP 800-52": 1,
          "SP 800-56A": 12,
          "SP 800-56B": 8,
          "SP 800-56C": 7,
          "SP 800-57": 5,
          "SP 800-90A": 5,
          "SP 800-90B": 2
        },
        "PKCS": {
          "PKCS 1": 2
        },
        "RFC": {
          "RFC 5288": 1,
          "RFC 5647": 1,
          "RFC 8446": 1,
          "RFC7627": 3,
          "RFC8446": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 10,
            "AES-128": 7,
            "AES-192": 6,
            "AES-256": 6
          },
          "CAST": {
            "CAST": 73
          }
        },
        "constructions": {
          "MAC": {
            "CMAC": 6,
            "HMAC": 20,
            "KMAC": 7
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 12
        },
        "IBM": {
          "SSC": 1
        }
      },
      "tls_cipher_suite": {},
      "vendor": {
        "STMicroelectronics": {
          "STMicroelectronics": 5
        }
      },
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Hawes, David J. (Fed)",
      "/Comments": "",
      "/Company": "",
      "/ComplianceAssetId": "",
      "/ContentTypeId": "0x010100DCA90304BC368747933546DC38C49DF0",
      "/CreationDate": "D:20250820085946-04\u002700\u0027",
      "/Creator": "Acrobat PDFMaker 25 for Word",
      "/Keywords": "",
      "/MediaServiceImageTags": "",
      "/ModDate": "D:20250820090109-04\u002700\u0027",
      "/Order": "1084700.000000",
      "/Producer": "Adobe PDF Library 25.1.51",
      "/SourceModified": "",
      "/Subject": "",
      "/TemplateUrl": "",
      "/Title": "",
      "/TriggerFlowInfo": "",
      "/_ExtendedDescription": "",
      "/xd_ProgID": "",
      "/xd_Signature": "0",
      "pdf_file_size_bytes": 790536,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://keypair.us/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 45
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_json_hash": null,
    "policy_pdf_hash": "20c49e1df616925b2418eb1d0a29a9f3d6678b3a11fe1ffb4bf8ac212241e4cb",
    "policy_txt_hash": "edd589f72591097b9e862ee2d27b434fc8fc54787c4a36da8c6f30ceadb5919c"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "No assurance of the minimum strength of generated SSPs (e.g., keys).",
    "certificate_pdf_url": null,
    "date_sunset": "2029-07-10",
    "description": "The HID/Mercury FIPS Provider for OpenSSL 3 is a secure cryptographic module that enhances the cryptographic capabilities of HID and Mercury intelligent controllers, complying with the FIPS 140-3 standard. It integrates seamlessly with OpenSSL 3 to offer advanced encryption, decryption, hashing, and key management functions, ensuring high performance and robust security. Designed to meet stringent industry requirements, this provider ensures that all cryptographic operations are executed securely and efficiently, making it ideal for applications demanding the highest level of security assurance.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Physical security: N/A",
      "Non-invasive security: N/A",
      "Life-cycle assurance: Level 3"
    ],
    "fw_versions": null,
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "HID/Mercury FIPS Provider for OpenSSL 3",
    "module_type": "Software",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-12-18",
        "lab": "DEKRA Cybersecurity Certification Laboratory",
        "validation_type": "Initial"
      },
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2025-08-20",
        "lab": "Acumen Security",
        "validation_type": "Update"
      }
    ],
    "vendor": "[email\u00a0protected]",
    "vendor_url": "/cdn-cgi/l/email-protection"
  }
}

Sections

HID/Mercury FIPS Provider for OpenSSL 3

Certificate #4923

Webpage information

Security policy

Symmetric Algorithms

Asymmetric Algorithms

Hash functions

Schemes

Protocols

Randomness

Libraries

Elliptic Curves

Block cipher modes

JavaCard API constants

Trusted Execution Environments

Vendor

Security level

Side-channel analysis

Standards

File metadata

Heuristics

References

Updates Feed

Certificate changed

Certificate changed

Certificate changed

Certificate changed

Certificate changed

Certificate changed

Certificate changed

New certificate

Raw data

Sections

HID/Mercury FIPS Provider for OpenSSL 3

Certificate #4923

Webpage information

Security policy

Cryptography

Symmetric Algorithms

Asymmetric Algorithms

Hash functions

Schemes

Protocols

Randomness

Libraries

Elliptic Curves

Block cipher modes

Device

JavaCard API constants

Trusted Execution Environments

Vendor

Security

Security level

Side-channel analysis

Other

Standards

File metadata

Heuristics

References

Updates Feed

Raw data

Toggle raw data