GoodMem
ReferenceSecurity

FIPS 140 Compliance

Cryptographic provider configuration and FIPS compliance posture for GoodMem deployments

FIPS 140 Compliance

This page documents GoodMem's cryptographic provider configuration and FIPS 140 compliance posture across the server, database, and CLI components.

Compliance Summary

ComponentFIPS StatusNotes
Server JCE/TLSCompliantBCFIPS 2.1.2 / BCTLS-FIPS 2.1.22
Server RandomnessCompliantBCFIPS DRBG
Server Hashing/HMACCompliantProvider-qualified to BCFIPS
Licensing SignaturesConditionalEd25519 approved in BC-FJA 2.1.1 (cert #4943); 2.1.2 under submission
Database (pgcrypto)Non-compliantPostgreSQL extensions not FIPS-validated
CLINon-compliantRequires FIPS Go build and configuration changes

Server

JCE and TLS Providers

GoodMem installs BouncyCastle FIPS providers at JVM startup:

ProviderPositionPurpose
BCFIPS#1FIPS 140-2 certified JCE provider for cryptographic primitives
BCJSSE#2FIPS-bound JSSE provider for TLS operations

The providers are installed at positions #1 and #2 respectively, ensuring they take precedence over the default JVM providers. BCJSSE is bound to BCFIPS using the fips:BCFIPS configuration, ensuring all TLS operations use the FIPS cryptographic boundary.

Inbound TLS: The gRPC server uses BCJSSE with a BCFKS keystore built from PEM certificate/key files. TLS credentials are constructed via BCJSSE PKIX KeyManager/TrustManager.

Outbound TLS: The default SSLContext is configured to use BCJSSE with PKIX trust and BCFIPS DRBG. OkHttp and other HTTP clients inheriting defaults use BCJSSE automatically.

Randomness

All random number generation uses the BCFIPS DRBG (Deterministic Random Bit Generator):

  • API key generation (ApiKeyServiceImpl, SystemInitOperation)
  • Security token generation

Hashing and HMAC

Cryptographic hash functions are provider-qualified to BCFIPS:

  • SHA-256 and HMAC-SHA256 in license telemetry and validation
  • SHA3-256 for API key hashing
  • All executed inside the FIPS module boundary

Licensing Signatures

The licensing subsystem uses Ed25519 for signature generation and verification.

Ed25519 FIPS Status:

  • FIPS 186-5 (2023) added EdDSA and explicitly approves Ed25519/Ed448 as signature schemes
  • BC-FJA 2.1.1 is validated under CMVP certificate #4943 with EdDSA in the approved algorithm table
  • BC-FJA 2.1.2 (currently in use) is functionally identical for EdDSA, pending its own CMVP certificate

If your deployment requires an already-certified module, you can either:

  1. Use BC-FJA 2.1.1 (cert #4943) instead of 2.1.2
  2. Wait for the 2.1.2 certificate (typically ~18 months from submission based on CMVP averages)

Approved-Only Mode

By default, GoodMem enables approved-only mode, which restricts cryptographic operations to FIPS-approved algorithms:

org.bouncycastle.fips.approved_only=true

To disable approved-only mode (not recommended for compliance):

java -Dorg.bouncycastle.fips.approved_only=false -jar goodmem-server.jar

Verifying FIPS Mode

The server startup banner displays the cryptographic provider configuration:

┌─────────────────────────────────────────────────────────────┐
│ GoodMem Server                                              │
├─────────────────────────────────────────────────────────────┤
│ Crypto   │ jce=BCFIPS 2.1.2 (approved_only=true)  tls=...  │
└─────────────────────────────────────────────────────────────┘

On successful initialization, the server logs:

BCFIPS providers installed (approved_only=true): BCFIPS at position 1, BCJSSE at position 2

Database

PostgreSQL extensions used by GoodMem are not FIPS-validated:

ExtensionUsageFIPS Status
pgcryptoSHA-256 digests for content deduplication, credential hashingNon-compliant
uuid-osspUUID generation (uuid_generate_v4())Non-compliant

Affected Database Operations

  • Content digests: digest(original_content, 'sha256') in memory tables
  • Credential hashing: digest(credentials::text, 'sha256') for model connections
  • UUID defaults: Primary key defaults on most tables

Remediation Options

For deployments requiring strict FIPS boundaries:

  1. Move hashing to application code: Compute SHA-256 digests in the server (using BCFIPS) and store the result; remove database-side digest() calls
  2. Application-generated UUIDs: Replace uuid_generate_v4() defaults with UUIDs generated from the FIPS DRBG in application code
  3. Document the boundary: For less strict requirements, document that the database layer operates outside the FIPS boundary

CLI

The GoodMem CLI is not currently in a FIPS posture.

The CLI utilizes standard cryptographic libraries and currently includes dependencies that do not yet fully support FIPS-validated execution modes. Consequently, the CLI should be considered non-compliant for environments requiring strict FIPS 140 adherence.

Dependencies

Server Libraries

LibraryVersionCMVP Status
bc-fips2.1.2Under submission (2.1.1 is cert #4943)
bctls-fips2.1.22Under submission

Licensing

The BouncyCastle FIPS libraries are distributed under an MIT-style license that permits commercial use free of charge, provided the copyright notice is included.

Important: While the license permits code modification, FIPS certification requires using the official, unmodified JAR files exactly as distributed. Modifying the JAR breaks the digital signature and voids the FIPS validation.

Algorithm Support

When running in approved-only mode, only FIPS-approved algorithms are available:

Symmetric Encryption

  • AES (128, 192, 256-bit keys)
  • Triple DES (3-key)

Hash Functions

  • SHA-224, SHA-256, SHA-384, SHA-512
  • SHA-512/224, SHA-512/256
  • SHA3-224, SHA3-256, SHA3-384, SHA3-512

Digital Signatures

  • RSA (PKCS#1, PSS) with 2048+ bit keys
  • ECDSA (P-256, P-384, P-521)
  • EdDSA (Ed25519, Ed448) — approved in BC-FJA 2.1.1 (cert #4943); 2.1.2 is functionally identical, pending its own cert

Key Agreement

  • ECDH (NIST curves)
  • DH (2048+ bit)

TLS

  • TLS 1.2 and TLS 1.3 with FIPS-approved cipher suites
  • AES-GCM cipher suites
  • NIST P-256, P-384, P-521 curves

Troubleshooting

Provider Not at Expected Position

FIPS provider positions invalid: BCFIPS=3 (expected 1), BCJSSE=4 (expected 2)

Another security provider was installed before GoodMem's initialization. Check:

  • JVM java.security configuration file
  • Other libraries installing providers at startup

TLS Handshake Failures

If TLS connections fail in FIPS mode:

  1. Verify clients support FIPS-approved cipher suites
  2. Check certificates use supported key types (RSA 2048+, ECDSA P-256/P-384/P-521)
  3. Ensure private keys are in supported PEM format (PKCS#8 or traditional)

Approved Algorithm Errors

In approved-only mode, non-approved algorithms throw exceptions:

  • MD5 is not FIPS-approved (use SHA-256+)
  • RSA keys shorter than 2048 bits are not approved
  • ChaCha20-Poly1305 is not FIPS-approved

References

ChatPostProcessor

Comprehensive guide to GoodMem's built-in post processor for conversational AI applications

TLS Configuration

Overview of TLS modes, self-signed defaults, and certificate options for GoodMem deployments

On this page

FIPS 140 ComplianceCompliance SummaryServerJCE and TLS ProvidersRandomnessHashing and HMACLicensing SignaturesApproved-Only ModeVerifying FIPS ModeDatabaseAffected Database OperationsRemediation OptionsCLIDependenciesServer LibrariesLicensingAlgorithm SupportSymmetric EncryptionHash FunctionsDigital SignaturesKey AgreementTLSTroubleshootingProvider Not at Expected PositionTLS Handshake FailuresApproved Algorithm ErrorsReferences