This page was not yet optimized for use on mobile devices.
Kernel Cryptography Module for AlmaLinux 9
Certificate #4750
Webpage information
Security policy
Symmetric Algorithms
AES, AES-128, AES-192, AES-256, CAST, HMAC, CMACHash functions
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-3, SHA3-224, SHA3-256, SHA3-384, SHA3-512, PBKDF2Schemes
MACProtocols
IKEv2, IPsecRandomness
DRBG, RNGBlock cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTSSecurity level
Level 1Standards
FIPS 140-3, FIPS PUB 140-3, FIPS 180-4, FIPS 202, FIPS 197, FIPS 198-1, FIPS 186-4, FIPS 186-5, SP 800-38A, SP 800-38D, SP 800-38B, SP 800-38C, SP 800-38E, PKCS#1, RFC 4106, RFC 7296, ISO/IEC 24759File metadata
| Creation date | D:20250429092626Z00'00' |
|---|---|
| Modification date | D:20250429092626Z00'00' |
| Pages | 33 |
| Producer | macOS Versione 14.5 (Build 23F79) Quartz PDFContext |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates
-
11.08.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The validation_history property was updated, with the
[[1, {'_type': 'sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry', 'date': '2025-08-07', 'validation_type': 'Update', 'lab': 'ATSEC INFORMATION SECURITY CORP'}]]values inserted. - The sw_versions property was set to
kernel 5.14.0-284.1101.el9_2.tuxcare.7; libkcapi 1.3.1-3.el9.
The PDF extraction data was updated.
- The keywords property was updated, with the
{'standard_id': {'__update__': {'FIPS': {'__update__': {'FIPS PUB 140-3': 2}}}}}data. - The policy_metadata property was updated, with the
{'pdf_file_size_bytes': 464329, '/CreationDate': "D:20250429092626Z00'00'", '/ModDate': "D:20250429092626Z00'00'", '/Producer': 'macOS Versione 14.5 (Build 23F79) Quartz PDFContext'}data.
The state was updated.
- The policy_pdf_hash property was set to
f2b571869071730c9a37a32f3250b2583914ec7991d6d12937d38f8df7643178. - The policy_txt_hash property was set to
20a698d32f7d8bf01950ff6805909c6ee1a53dd5f31a1a0237134ffac2a788b0.
- The validation_history property was updated, with the
-
24.02.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The exceptions property was updated.
-
09.09.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf.
- The certificate_pdf_url property was set to
-
03.08.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name Kernel Cryptography Module for AlmaLinux 9 was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4750,
"dgst": "a360748ed90aa02c",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"AES-CFB128A4044",
"HMAC-SHA3-512A4026",
"AES-GCMA4043",
"AES-CBCA4041",
"AES-ECBA4043",
"AES-CTRA4041",
"Counter DRBGA4043",
"SHA3-512A4026",
"SHA3-256A4026",
"HMAC DRBGA4049",
"SHA2-224A4049",
"Hash DRBGA4049",
"HMAC-SHA2-384A4049",
"AES-CCMA4041",
"AES-CMACA4041",
"AES-OFBA4045",
"HMAC-SHA2-512A4049",
"AES-XTS Testing Revision 2.0A4041",
"HMAC-SHA2-224A4049",
"SHA3-224A4026",
"AES-GMACA4041",
"HMAC-SHA3-224A4026",
"SHA3-384A4026",
"HMAC-SHA3-384A4026",
"SHA2-384A4049",
"AES-CBC-CS3A4046",
"RSA SigVer (FIPS186-4)A4049",
"SHA2-256A4049",
"HMAC-SHA3-256A4026",
"SHA2-512A4049",
"HMAC-SHA2-256A4049"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"9"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 7
},
"CCM": {
"CCM": 6
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 6
},
"ECB": {
"ECB": 4
},
"GCM": {
"GCM": 24
},
"OFB": {
"OFB": 3
},
"XTS": {
"XTS": 12
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"IKE": {
"IKEv2": 1
},
"IPsec": {
"IPsec": 7
}
},
"crypto_scheme": {
"MAC": {
"MAC": 6
}
},
"device_model": {},
"ecc_curve": {},
"eval_facility": {
"atsec": {
"atsec": 36
}
},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES-128": 1,
"AES-192": 1,
"AES-256": 1,
"PKCS#1": 12,
"RSA PKCS#1": 2,
"SHA- 256": 4,
"SHA- 512": 2,
"SHA-1": 4,
"SHA-224": 4,
"SHA-256": 8,
"SHA-3": 3,
"SHA-384": 3,
"SHA-512": 7,
"SHA2- 384": 1,
"SHA2-256": 1,
"SHA2-384": 2,
"SHA2-512": 3,
"SHA3- 224": 2,
"SHA3- 256": 2,
"SHA3- 384": 1,
"SHA3- 512": 1,
"SHA3- 512 32": 1,
"SHA3-224": 3,
"SHA3-256": 5,
"SHA3-384": 4,
"SHA3-512": 4
}
},
"fips_security_level": {
"Level": {
"Level 1": 2
}
},
"hash_function": {
"PBKDF": {
"PBKDF2": 3
},
"SHA": {
"SHA1": {
"SHA-1": 4
},
"SHA2": {
"SHA-224": 4,
"SHA-256": 8,
"SHA-384": 3,
"SHA-512": 7
},
"SHA3": {
"SHA-3": 3,
"SHA3-224": 4,
"SHA3-256": 5,
"SHA3-384": 4,
"SHA3-512": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 25
},
"RNG": {
"RNG": 4
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 41,
"FIPS 180-4": 2,
"FIPS 186-4": 4,
"FIPS 186-5": 1,
"FIPS 197": 7,
"FIPS 198-1": 2,
"FIPS 202": 2,
"FIPS PUB 140-3": 2
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-38A": 3,
"SP 800-38B": 1,
"SP 800-38C": 1,
"SP 800-38D": 2,
"SP 800-38E": 1
},
"PKCS": {
"PKCS#1": 7
},
"RFC": {
"RFC 4106": 3,
"RFC 7296": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 59,
"AES-128": 1,
"AES-192": 1,
"AES-256": 1
},
"CAST": {
"CAST": 2
}
},
"constructions": {
"MAC": {
"CMAC": 5,
"HMAC": 16
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/CreationDate": "D:20250429092626Z00\u002700\u0027",
"/ModDate": "D:20250429092626Z00\u002700\u0027",
"/Producer": "macOS Versione 14.5 (Build 23F79) Quartz PDFContext",
"pdf_file_size_bytes": 464329,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a-add.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf",
"https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
"https://datatracker.ietf.org/doc/html/rfc4106",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
"http://www.atsec.com/",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
"https://www.ietf.org/rfc/rfc3447.txt",
"https://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
"https://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf",
"http://www.tuxcare.com/"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 33
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "f2b571869071730c9a37a32f3250b2583914ec7991d6d12937d38f8df7643178",
"policy_txt_hash": "20a698d32f7d8bf01950ff6805909c6ee1a53dd5f31a1a0237134ffac2a788b0"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy.",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
"date_sunset": "2026-08-01",
"description": "The Linux kernel crypto API implementation provides cryptographic services to Linux kernel space software components and user space via the AF_ALG interface.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "Kernel Cryptography Module for AlmaLinux 9",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "kernel 5.14.0-284.1101.el9_2.tuxcare.7; libkcapi 1.3.1-3.el9",
"tested_conf": [
"AlmaLinux 9.2 running on Amazon Web Services (AWS) a1.metal with AWS Graviton with PAA",
"AlmaLinux 9.2 running on Amazon Web Services (AWS) a1.metal with AWS Graviton without PAA",
"AlmaLinux 9.2 running on Amazon Web Services (AWS) m5.metal with Intel Xeon Platinum 8259CL with PAA",
"AlmaLinux 9.2 running on Amazon Web Services (AWS) m5.metal with Intel Xeon Platinum 8259CL without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-08-02",
"lab": "ATSEC INFORMATION SECURITY CORP",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2025-08-07",
"lab": "ATSEC INFORMATION SECURITY CORP",
"validation_type": "Update"
}
],
"vendor": "Cloudlinux Inc., TuxCare division",
"vendor_url": "http://www.tuxcare.com"
}
}