Add fips check when checking for root key encryption

Signed-off-by: Umayr Shahid <[email protected]>
notaryproject · Apr 6, 2017 · e877c7f · e877c7f
1 parent dc84eaa
commit e877c7f
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/cryptoservice/crypto_service.go b/cryptoservice/crypto_service.go
@@ -173,6 +173,13 @@ func CheckRootKeyIsEncrypted(pemBytes []byte) error {
 		return ErrNoValidPrivateKey
 	}
 
+	if notary.FIPSEnabled {
+		if block.Type == "PRIVATE ENCRYPTED KEY" {
+			return nil
+		}
+		return ErrRootKeyNotEncrypted
+	}
+
 	if !x509.IsEncryptedPEMBlock(block) {
 		return ErrRootKeyNotEncrypted
 	}