WebCrypto / FIPS 140-2 in Edge and Edge/Chromium

Copper Contributor

If Windows 10 is running in "FIPS 140-2 mode" per https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security..., does that mean that Edge is also only using FIPS 140-2 approved algorithms and it is actually using the  Microsoft Windows Cryptographic Primitives Library?

Assuming the answer is yes, does the WebCrypto API in Edge actually use the Cryptographic Primitives Library?

Last question, does this change at all for the new version of Edge based on Chromium?

5 Replies

Would be great if anyone could actually help and/or voice an opinion as to whether or not I'm thinking about this correctly.

I am also looking for some information on that topic, unfortunately there is not much information available online

Can anyone (Microsoft or Others) answer this question as to FIPS 140-2 validated Cryptographic Module usage by EDGE.  Is it using Windows Crypto under the hood on Windows Platforms?   



@j_hawkins Microsoft Edge Legacy uses the Windows Cryptographic libraries that are a part of the Windows operating system. 

Microsoft Edge (version 76+) instead uses the Chromium cryptographic libraries and does not rely upon the Windows system cryptographic libraries or configuration. 

@Eric_Lawrence or anyone at Microsoft, any changes on the status of Microsoft Edge using FIPS 140-2 validated cryptography? Is it still using non FIPS validated Chromium built-in cryptographic modules or are the latest versions using FIPS validated cryptography ?