160
@section Certification
161
@cindex certification
163
Many cryptographic libraries claim certifications from national or international bodies. These certifications are tied on a specific (and often restricted) version of the library or a
164
specific product using the library, and typically in the case of software they assure that the algorithms implemented are correct. The major certifications known are:
166
@item USA's FIPS 140-2 at Level 1 which certifies that approved algorithms are used (see @url{http://en.wikipedia.org/wiki/FIPS_140-2});
167
@item Common Criteria for Information Technology Security Evaluation (CC), an international standard for verification of elaborate security claims (see @url{http://en.wikipedia.org/wiki/Common_Criteria}).
170
Obtaining such a certification is an expensive and elaborate job that has no immediate value for a continuously developed free software library (as the certification is tied to the
171
particular version tested), and in the case of algorithm verification of FIPS 140-2 it doesn't make much sense as the library is freely available and anyone can verify the correctness
172
of algorithm implementation. As such we are not actively pursuing this kind of certification. If you are, nevertheless, interested, see @ref{Commercial Support}.