Ask Your Question
1

Duplicity with sha1 or other fips hashing

asked 2013-08-20 16:18:54 -0500

acidgrim gravatar image

I'm experimenting with enabling FIPS mode in my kernel and I have most of my system running smoothly. The only remaining issue is that Deja-Dup/duplicity appears to use md5, which is disabled in FIPS mode:

ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

Is there a way to change the default hashing method to a FIPS compliant one

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2013-08-20 22:11:35 -0500

FranciscoD_ gravatar image

From what I gather off the duplicity man page, it uses the default parameters and systems defined in librsync. The rsync man page specifies a -c option, however it's description seems to point only to MD5 or MD4 for checksums.

deja-dup is designed to be simple to use. It does not aim be customized at all. It uses a default set of duplicity options, and I'm not quite sure these can be changed without hacking the code.

All in all, I don't think you can select a different checksum algorithm. duplicity upstream might be able to direct you to some hacks, but it certainly doesn't seem to be as simple as providing a command switch.

edit flag offensive delete link more

Question Tools

1 follower

Stats

Asked: 2013-08-20 16:18:54 -0500

Seen: 177 times

Last updated: Aug 20 '13