Christopher Fahlin
d0c201dd9f
HMAC fingerprint generated on-device via openssl fipsinstall against the 3.1.2 FIPS provider binary. All 29 KATs passed.
Sample Apps
Demonstrates FIPS 140-3 compliant SQLCipher integration using the pre-built
artifacts from out/. Both apps run an identical compliance suite:
- FIPS provider loaded
- Self-test (POST/KAT) passes
- HMAC integrity verified
- OpenSSL version is 3.0.x (FIPS validated)
- Encrypted DB write/read round-trip
- Passphrase rotation (rekey)
- Wrong-key rejection
Android (Jetpack Compose)
# From repo root — build artifacts first
./build.sh all
./build.sh package
# Bootstrap and build the sample
cd samples/android
./bootstrap.sh
./gradlew assembleDebug
./gradlew installDebug
Requires: Android SDK, NDK (for native build), JDK 17.
iOS (SwiftUI)
# From repo root — build artifacts first
./build.sh ios-all
./build.sh package-xcframework
# Bootstrap and open
cd samples/ios
./bootstrap.sh
open FIPSDemo/FIPSDemo.xcodeproj
Build and run on a simulator or device from Xcode. Requires Xcode 15+.
What they verify
Both apps call the FIPS initialization helpers from out/src/ at launch,
then exercise the OpenSSL FIPS provider and SQLCipher through native code.
The UI displays pass/fail for each check with detail strings.
The compliance suite validates that:
- The FIPS module's HMAC survived packaging (no strip/compress/re-sign)
- KAT (Known Answer Tests) pass at runtime
- SQLCipher uses FIPS-approved algorithms for encryption
- Key rotation works correctly
- Incorrect keys are rejected (no plaintext fallback)