Virtru’s encryption complies with FIPS 140-2, but not always by default. Customers should make sure to request Virtru with FIPS mode enabled to ensure FIPS 140-2 compliance across all Virtru platforms.
We use 3rd party AES-256 encryption libraries that have been certified by or for companies such as Google, Apple and Microsoft (more details below). As such, Virtru has not been required to go through a validation directly.
The Certificates for the certified Cryptographic Libraries are all listed here. The certificate numbers in question depend on platform and are listed below:
– # 1329 – Outlook for Desktop – Windows 7
– # 2357 – Outlook for Desktop – Windows 8
– # 2021 – iOS
– # 1747 – Android, Chrome*
*Upon request, we can enable FIPS mode in Virtru’s Chrome extension, but that platform does not use a FIPS module by default today.
Virtru also requires all connections to enforce "Elliptic curve Diffie-Hellman" - or ECDHE - to protect the confidentiality of communication channels, including key exchanges. This is not required under FIPS, but is considered the very best practice available.