GitHub - BrowserBox/FIPSPad: Small FIPS 140-3 and NIST SP 800-53 Notepad app.

fips-pad

A deliberately boring notepad, treated like a regulated system.

Why this exists

This project started as a toy exploration:

What is the smallest possible desktop application that can refuse to run unless it can prove it has access to a FIPS-approved cryptographic surface — and can document that behavior honestly?

Instead of building a large system and retrofitting policy language, this project goes the other way:

• choose a trivially small application,
• apply strict cryptographic and security constraints,
• document exactly what is adopted, rejected, and assumed.

A local, offline, encrypted notepad was chosen because:

• it forces real cryptographic decisions (data at rest),
• the attack surface is tiny,
• and hand-waving around “security” becomes immediately obvious.

This is not an enterprise platform. It is an MVP product and a concrete exploration of the FIPS / NIST rabbit hole.

What this is

• A single-user, offline, desktop notepad
• Notes are encrypted at rest
• No network access
• No accounts
• No telemetry
• No cloud sync
• No plugins
• No scripting

What this is not

• Not a FIPS-validated cryptographic module
• Not a compliance product
• Not a multi-user system
• Not a cloud service
• Not an audited or certified system

Precision matters. Claims are intentionally narrow.

FIPS posture and hard runtime gate

This application will not read or write protected notes unless it can establish that it is operating on a platform-appropriate, FIPS-approved cryptographic surface.

The gate is fail-closed:

• no fallback crypto
• no silent downgrade
• no “best effort” mode

If the gate cannot be verified, fips-pad refuses to run.

This project targets FIPS 140-2 and FIPS 140-3 aligned runtime behavior by requiring OS-backed, approved cryptographic surfaces at startup. It does not claim that fips-pad itself is a validated module.

In short:

• FIPS 140-2/140-3 target: only use platform cryptography that is part of an OS-certified/approved module boundary.
• Product claim: fail closed if that surface cannot be established.
• Non-claim: no claim that this application is itself CMVP-validated.

Validation boundary note:

• fips-pad is an application that depends on OS crypto surfaces.
• Any CMVP validation status applies to the underlying cryptographic module entries, not to this application as a validated module.

Windows 10 / 11

• Crypto backend: Windows CNG / BCrypt
• Gate condition: BCryptGetFipsAlgorithmMode() must report FIPS mode enabled
• If disabled:
  • fips-pad prints instructions for enabling the Windows policy “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”
  • requests a reboot
  • exits

If fips-pad starts on Windows, it means:

The OS cryptographic provider is operating in FIPS-approved mode as reported by the OS itself.

macOS (strict allowlist)

macOS does not expose a single “FIPS mode toggle” equivalent to Windows.

Instead, fips-pad uses the hardest cleanest gate available:

• The application allowlists only macOS major versions + architectures that Apple publicly lists as shipping a certified user-space cryptographic module.
• macOS releases listed as “in review”, “review pending”, or “implementation under test” are rejected.

As of this writing, the strict allowlist is:

• macOS 11 (Big Sur)
• macOS 12 (Monterey)
• macOS 13 (Ventura)

macOS 14 and newer are rejected until Apple’s published certification table lists certified entries.

Once past the gate:

• all cryptography uses Apple system crypto APIs only
• only approved algorithms and modes are used
• no bundled or third-party crypto is invoked

If fips-pad starts on macOS, it means:

The OS version is one Apple documents as shipping a validated cryptographic module, and the application is constrained to that surface.

Linux (optional)

Linux is supported only in explicitly FIPS-enabled OS configurations.

If FIPS is not enabled, fips-pad refuses to run and points to canonical examples such as:

• Ubuntu LTS with Ubuntu Pro FIPS
• Red Hat Enterprise Linux in FIPS mode

Development bypass

Development builds may include a --skip-check flag to bypass the gate. This exists only to allow development on non-allowlisted systems.

Production builds do not include this flag.

If the gate can be bypassed, you are not running the product as shipped.

Cryptographic design (high level)

• Notes are stored as authenticated ciphertext (AEAD)
• Keys are derived from a user passphrase using an approved KDF
• Nonces and salts are generated via OS RNG
• Encrypted writes are atomic (write, fsync, rename)
• Plaintext is not intentionally written to disk

NIST SP 800-53 control selection

This project uses NIST SP 800-53 as a control vocabulary, not a compliance claim.

Controls were selected and tailored based on the actual system boundary:

• single user
• offline
• local files
• no organizational context

Controls implemented (subset)

• SC-13 — Cryptographic Protection
  All cryptography uses OS-provided backends; startup is gated on a FIPS-approved surface.

• SC-28 — Protection of Information at Rest
  Notes are always stored as authenticated ciphertext.

• SI-7 — Integrity
  Authentication failure is treated as tamper/corruption and fails closed.

• CM-7 — Least Functionality
  No networking, no plugins, no scripting, minimal UI.

• AU-2 — Event Logging (minimal)
  Local-only logging of security-relevant events; no content logging.

Selected baseline control IDs (working set)

The current selected/tailored working set for this project is:

• SC-13 (Cryptographic Protection)
• SC-28 (Protection of Information at Rest)
• SI-7 (Software, Firmware, and Information Integrity)
• CM-7 (Least Functionality)
• AU-2 (Event Logging)

Controls explicitly out of scope

Controls requiring:

• enterprise identity
• multi-user access control
• centralized audit pipelines
• organizational governance
• incident response programs

are intentionally marked Not Applicable.

This is control tailoring, exactly as 800-53 intends.

Authoritative references

• FIPS 140-3 (NIST publication):
  https://csrc.nist.gov/pubs/fips/140-3/final
• NIST CMVP program overview and validation listings:
  https://csrc.nist.gov/projects/cryptographic-module-validation-program
• NIST SP 800-53 Rev. 5 control catalog:
  https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
• Windows FIPS mode API (BCryptGetFipsAlgorithmMode):
  https://learn.microsoft.com/windows/win32/api/bcrypt/nf-bcrypt-bcryptgetfipsalgorithmmode
• Ubuntu FIPS enablement guidance:
  https://ubuntu.com/security/certifications/docs/16-18/fips-enablement
• RHEL FIPS mode guidance:
  https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/switching-rhel-to-fips-mode_security-hardening

What it means if the app starts

If fips-pad starts:

• a platform-appropriate FIPS cryptographic surface was verified
• only that surface is used
• non-approved crypto paths are unavailable by design

If it does not start, that is a feature.

Distribution & licensing

The source code is available for inspection. Signed, notarized binaries are sold.

You are paying for:

• verified builds
• platform signing
• supply-chain hygiene
• and the work required to finish the product responsibly

Licensing

• Source code: see LICENSE-SOURCE.txt
• Paid binaries: see LICENSE-BINARY.txt
• Enterprise use: see LICENSE-ENTERPRISE.txt

Closing note

This application is intentionally small, strict, and boring.

The point is not to be usable everywhere. The point is to make the security boundary explicit enough that nothing interesting is hiding inside it.