The new product meets a growing market need for a NIST ESV-certified, licensable, standalone software entropy source compatible with OpenSSL 3.x
SAN FRANCISCO, April 28, 2025 /PRNewswire-PRWeb/ -- SafeLogic Inc., a premier provider of cryptographic software solutions, announced today at the RSAC Conference in San Francisco that its newest product, CryptoComply Entropy Provider, is now generally available. CryptoComply Entropy Provider allows organizations seeking Common Criteria and FIPS 140-3 certification to meet existing NIAP and upcoming CMVP requirements to employ an ESV-certified entropy source.
Cryptographic modules, used to encrypt and decrypt data at rest and in motion, employ an entropy source to generate unpredictable random numbers they use to create secret encryption keys. However, if the random numbers generated by the entropy source are not truly random, adversaries can guess or predict the keys and crack the cryptography.
To combat this threat, NIST introduced formal testing and certification for entropy sources in 2022 via its Entropy Source Validation (ESV). As of 1/1/25, the National Information Assurance Partnership (NIAP) requires all new Common Criteria submissions to employ an ESV-validated entropy source. As of 1/1/26, NIST's Cryptographic Module Validation Program (CMVP) will require an ESV-validated entropy source for all new FIPS 140-3 software module validations.
CryptoComply Entropy Provider is a standalone, ESV-certified software entropy source (ESV certificate #E241). It meets all current NIAP and upcoming CMVP requirements, works seamlessly with SafeLogic's FIPS 140-3 certified CryptoComply v3, and will be the default entropy source for future SafeLogic OpenSSL 3.x compatible modules. It drops into existing OpenSSL 3.x based cryptographic installations and is available for licensing by 3rd parties pursuing Common Criteria or FIPS 140-3 certification for their own cryptographic modules.
"With the new NIAP and CMVP requirements, we are seeing growing interest in a standalone, ESV certified, 3rd party licensable software entropy source," said Evgeny Gervis, SafeLogic CEO. "By licensing CryptoComply Entropy Provider, organizations will completely avoid the burden of having to design and build their own entropy source, generate sufficient test data for statistical analysis of randomness, then work with a lab and the ESV program to get all their operating environments (OEs) and target operating environments (TOEs) certified."
CryptoComply Entropy Provider has been initially certified for sixteen OEs, including Linux, Unix, Windows, MacOS, iOS, and Android. SafeLogic can work with customers to get other environments tested and certified, a significant capability for organizations seeking Common Criteria certification for their TOEs. Initial GA builds can be requested from SafeLogic.
About SafeLogic
Founded in 2012, SafeLogic is a premier provider of cryptographic solutions that enable enduring privacy and trust in the ever-changing digital world. SafeLogic's CryptoComply FIPS 140 validated cryptographic software modules support a broad range of platforms, programming languages, and operating environments. With its FIPS Validation-as-a-Service offering, SafeLogic expedites the delivery of FIPS 140 certificates for its CryptoComply customers. It then keeps those certificates active over time via a unique white-glove managed service that provides both software support and certification maintenance. CryptoComply is also the basis for SafeLogic's post-quantum cryptography (PQC) capabilities, which include PQC algorithms, PQ TLS support, discovery, crypto-agility, and hybrid deployments. Its newest product, CryptoComply Entropy Provider, is an ESV-certified, standalone software entropy source.
For more information on this new product, see the SafeLogic website, contact your existing SafeLogic representative or email [email protected].
Media Contact
Evgeny Gervis, SafeLogic, 1 8444362797, [email protected], www.safelogic.com
SOURCE SafeLogic
Share this article