Add Support for FIPS Mode in Jostle #20

@pruthig

Summary

Requesting support for a FIPS-compliant operating mode in Jostle. This would allow cryptographic operations to run using only FIPS-approved algorithms and modules, ensuring compatibility with environments that require FIPS-validated configurations.

Motivation

Many security-regulated deployments require applications and cryptographic providers to operate in a FIPS-restricted mode. In such environments, only approved algorithms and cryptographic mechanisms are permitted, and fallback to non-approved implementations must be prevented.
At present, Jostle does not offer a FIPS mode or configuration profile that enables this behavior. Adding this capability would expand Jostle’s applicability for compliance-driven use cases.

Desired Behavior

When enabled, a FIPS mode in Jostle should:

  • Restrict available cryptographic primitives to those permitted in a FIPS environment.
  • Reject or disable non-approved algorithms, key sizes, and signing/hash mechanisms.
  • Ensure compliance through enforcement rather than application-level checks.
  • Allow JCA usage patterns to remain unchanged (no API-level differences for applications).
