Comparing certificates Experimental feature

You are comparing two certificates. By default, only differing attributes are shown. Use the button below to show/hide all attributes.

Showing only differing attributes.
Amazon Linux 2 Kernel Crypto API Cryptographic Module
Amazon Linux 2 Kernel Crypto API Cryptographic Module
cert_id 4593 3709
dgst 8c285e204e44251d ace104f589733dc0
heuristics/algorithms KTS#C911, HMAC#C919, KTS#C912, SHS#A3678, HMAC#A3678, KTS#A3679, DRBG#A3671, KTS#C920, HMAC#A3741, Triple-DES#C923, KTS#C915, AES#A3675, AES#C913, AES#A3679, HMAC#A3673, KTS#C918, HMAC#A3671, HMAC#A3681, DRBG#A3672, AES#A3680, KTS#C919, SHA-3#C923, AES#A3676, RSA#C920, AES#A3677, SHS#C918, DRBG#C921, HMAC#C923, HMAC#A3672, KTS#C917, DRBG#A3673, AES#A3678, AES#A3672, AES#C917, SHS#A3672, KTS#A3673, AES#C912, DRBG#A3679, DRBG#C919, KTS#A3681, RSA#A3673, RSA#C918, KTS#A3671, AES#A3671, HMAC#C918, DRBG#C915, SHS#A3673, KTS#A3676, KTS#C913, RSA#C919, KTS#A3677, SHS#C919, HMAC#C921, AES#C911, SHS#C921, SHS#A3671, HMAC#C803, KTS#C921, Triple-DES#A3673, DRBG#C920, DRBG#C911, SHA-3#A3674, HMAC#A3674, KTS#A3680, SHS#C920, DRBG#C918, RSA#C921, SHS#A3681, RSA#C923, AES#A3673, HMAC#C920, DRBG#C913, AES#C914, KTS#C914, DRBG#A3676, KTS#A3672, AES#C915, KTS#A3675, KTS#A3678 HMAC#C803, KTS#C921, KTS#C911, AES#C912, DRBG#C919, DRBG#C920, HMAC#C919, KTS#C912, KTS#C919, SHA-3#C923, DRBG#C911, SHS#C920, KTS#C920, DRBG#C918, RSA#C918, RSA#C921, RSA#C920, Triple-DES#C923, RSA#C923, HMAC#C918, AES#C917, HMAC#C920, SHS#C918, DRBG#C915, DRBG#C913, AES#C914, KTS#C914, KTS#C913, RSA#C919, HMAC#C923, DRBG#C921, KTS#C915, SHS#C919, HMAC#C921, AES#C911, AES#C913, AES#C915, KTS#C917, CVL#C923, SHS#C921, KTS#C918
heuristics/module_processed_references/directly_referencing 4565 3646
heuristics/module_processed_references/indirectly_referencing 4565 3646
heuristics/module_prunned_references 4565 3646
heuristics/policy_processed_references/directly_referencing 4565 3646
heuristics/policy_processed_references/indirectly_referencing 4565 3646
heuristics/policy_prunned_references 4565 3646
pdf_data/keywords/fips_cert_id
  • Cert:
    • #4565: 1
  • Cert:
    • #3646: 1
pdf_data/keywords/fips_certlike
  • Certlike:
    • AES-128/256: 1
    • AES128: 1
    • AES192: 1
    • AES256: 1
    • Cert# AES: 1
    • Cert# HMAC: 1
    • HMAC 128: 2
    • HMAC-SHA-1: 6
    • HMAC-SHA-2: 2
    • PKCS#1: 4
    • SHA-1: 6
    • SHA-3: 1
    • SHA2-224: 5
    • SHA2-256: 10
    • SHA2-384: 10
    • SHA2-512: 7
    • SHA2-512 112: 2
    • SHA2-512 2048 and 3072: 1
    • SHA3- 384: 1
    • SHA3-224: 3
    • SHA3-256: 5
    • SHA3-384: 3
    • SHA3-512: 4
  • Certlike:
    • AES-128/256: 1
    • AES128: 1
    • AES192: 1
    • AES256: 1
    • Cert# AES: 1
    • Cert# RSA: 1
    • HMAC 128: 2
    • HMAC-SHA-1: 4
    • PKCS#1: 4
    • SHA-1: 6
    • SHA-3: 1
    • SHA2-224: 5
    • SHA2-256: 10
    • SHA2-384: 9
    • SHA2-512: 7
    • SHA2-512 112: 2
    • SHA2-512 2048 and 3072: 1
    • SHA3- 256: 2
    • SHA3-224: 3
    • SHA3-256: 2
    • SHA3-384: 4
    • SHA3-512: 5
pdf_data/keywords/eval_facility
  • atsec:
    • atsec: 40
  • atsec:
    • atsec: 35
pdf_data/keywords/symmetric_crypto
  • AES_competition:
    • AES:
      • AES: 33
      • AES-: 2
      • AES128: 1
      • AES192: 1
      • AES256: 1
  • DES:
    • 3DES:
      • TDEA: 1
      • TDES: 1
      • Triple-DES: 16
    • DES:
      • DES: 3
  • constructions:
    • MAC:
      • CBC-MAC: 3
      • CMAC: 9
      • HMAC: 21
  • AES_competition:
    • AES:
      • AES: 33
      • AES-: 2
      • AES128: 1
      • AES192: 1
      • AES256: 1
  • DES:
    • 3DES:
      • TDEA: 1
      • TDES: 1
      • Triple-DES: 17
    • DES:
      • DES: 1
  • constructions:
    • MAC:
      • CBC-MAC: 1
      • CMAC: 9
      • HMAC: 21
pdf_data/keywords/asymmetric_crypto
  • ECC:
    • ECC:
      • ECC: 1
  • FF:
    • DH:
      • Diffie-Hellman: 7
  • ECC:
    • ECC:
      • ECC: 4
  • FF:
    • DH:
      • Diffie-Hellman: 16
pdf_data/keywords/hash_function
  • SHA:
    • SHA1:
      • SHA-1: 6
    • SHA3:
      • SHA-3: 1
      • SHA3: 1
      • SHA3-224: 4
      • SHA3-256: 5
      • SHA3-384: 3
      • SHA3-512: 4
  • SHA:
    • SHA1:
      • SHA-1: 6
    • SHA3:
      • SHA-3: 1
      • SHA3: 1
      • SHA3-224: 4
      • SHA3-256: 2
      • SHA3-384: 4
      • SHA3-512: 5
pdf_data/keywords/crypto_scheme
  • MAC:
    • MAC: 8
  • MAC:
    • MAC: 6
pdf_data/keywords/cipher_mode
  • CBC:
    • CBC: 8
  • CCM:
    • CCM: 6
  • CTR:
    • CTR: 7
  • ECB:
    • ECB: 6
  • GCM:
    • GCM: 22
  • OFB:
    • OFB: 2
  • XTS:
    • XTS: 7
  • CBC:
    • CBC: 8
  • CCM:
    • CCM: 6
  • CTR:
    • CTR: 8
  • ECB:
    • ECB: 6
  • GCM:
    • GCM: 22
  • OFB:
    • OFB: 2
  • XTS:
    • XTS: 7
pdf_data/keywords/ecc_curve
  • NIST:
    • P-256: 4
pdf_data/keywords/standard_id
  • FIPS:
    • FIPS 140: 2
    • FIPS 140-2: 51
    • FIPS PUB 140-2: 1
    • FIPS140-2: 1
    • FIPS180-4: 2
    • FIPS186-4: 2
    • FIPS197: 7
    • FIPS198-1: 3
    • FIPS202: 1
  • NIST:
    • NIST SP 800-90A: 2
    • SP 800-90A: 1
  • PKCS:
    • PKCS#1: 2
  • X509:
    • X.509: 1
  • FIPS:
    • FIPS 140: 2
    • FIPS 140-2: 47
    • FIPS PUB 140-2: 1
    • FIPS140-2: 1
    • FIPS180-4: 2
    • FIPS186-4: 2
    • FIPS197: 7
    • FIPS198-1: 3
    • FIPS202: 1
  • NIST:
    • NIST SP 800-90A: 2
    • SP 800-90A: 1
  • PKCS:
    • PKCS#1: 2
  • X509:
    • X.509: 1
pdf_data/policy_metadata
state/policy_pdf_hash Different Different
state/policy_txt_hash Different Different
web_data/caveat When operated in FIPS mode with module Amazon Linux 2 NSS Cryptographic Module validated to FIPS 140-2 under Cert. #4565 operating in FIPS mode When operated in FIPS mode with module Amazon Linux 2 NSS Cryptographic Module validated to FIPS 140-2 under Cert. #3646 operating in FIPS mode
web_data/certificate_pdf_url https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2023_101023_1100 signed (2).pdf https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/September 2020_011020_0703.pdf
web_data/date_sunset 13.09.2025
web_data/historical_reason Moved to historical list due to dependency on certificate #3646
web_data/mentioned_certs
  • 4565: 1
  • 3646: 1
web_data/status active historical
web_data/tested_conf Amazon Linux 2 running on Amazon EC2 c6g.metal with Graviton 2 with PAA, Amazon Linux 2 running on Amazon EC2 c6g.metal with Graviton 2 without PAA (single-user mode), Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5-2686 with PAA, Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5-2686 without PAA Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5-2686 with PAA, Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5-2686 without PAA (single-user mode), ,
web_data/validation_history
  • date: 12.09.2023
  • lab: ATSEC INFORMATION SECURITY CORP
  • validation_type: Initial
  • date: 14.09.2020
  • lab: ATSEC INFORMATION SECURITY CORP
  • validation_type: Initial