cosign-fips

Fips

Stig

Utils

docker pull reg.mini.dev/cosign-fips

Fips

Stig

Utils

Updated on June 14

docker pull reg.mini.dev/cosign-fips

Compliance

Understand the compliance standards and security best practices supported by this image.

90% CIS Docker compliance 80% NIST compliance FIPS 140-3 validated 100% STIG compliance

FIPS

FIPS 140-3 validated

OpenSSLJava

Certification

Certificate #5177- Minimus Cryptographic Module for OpenSSL
Certificate #E241- OpenSSL-compatible entropy provider (self-contained, kernel-independent)

Verification

To test the module, run the container as root and override the entrypoint:

docker run -it --name minimus-cosign-fips \
--user root --entrypoint openssl-fips-test \
reg.mini.dev/cosign-fips

The module validations will print to the terminal for review. For example:

Test Results

Checking OpenSSL lifecycle assurance.
 
    ✓ Self-test KAT_Integrity HMAC_Verify, 256 ... passed.
    ✓ Self-test KAT_Module_Integrity HMAC_Verify, 256, Module Integrity ... passed.
    ✓ Self-test KAT_Cipher AES_GCM_Encrypt, 256 ... passed.
    ✓ Self-test KAT_Cipher AES_GCM_Decrypt, 256 ... passed.
    ✓ Self-test KAT_Cipher AES_ECB_Decrypt, 256 ... passed.
    ....
    ....
    ✓ 51 out of 51 self-tests passed.
    ✓ Check FIPS cryptographic module is available... passed.
    ✓ Check FIPS approved only mode (EVP_default_properties_is_fips_enabled) ... passed.
    ✓ Check non-approved algorithm blocked (HMAC-MD5)... passed.
 
Digests available for non-security use as per FIPS 140-3 I.G. 2.4.A (fips=no):
    ✓ MD5
    ✓ SHA1
 
Available approved algorithms for security purposes (fips=yes):
    ✗ MD5
    ✓ SHA-1
    ✓ SHA-2
    ...
 
Public OpenSSL API (libssl.so & libcrypto.so):
    name:     OpenSSL 3.5.4 30 Sep 2025
    version:  3.5.4
 
FIPS cryptographic module provider details (fips.so):
    name:     140-3 FIPS Provider
    version:  3.0.0-FIPS 140-3
    build:    3.0.0-FIPS 140-3

Certification

Verification

This page is available on desktop