{"id":3594,"date":"2024-07-12T10:00:00","date_gmt":"2024-07-12T14:00:00","guid":{"rendered":"https:\/\/www.mymiller.name\/wordpress\/?p=3594"},"modified":"2024-11-03T20:04:29","modified_gmt":"2024-11-04T01:04:29","slug":"fips-jdk-21-image","status":"publish","type":"post","link":"https:\/\/www.mymiller.name\/wordpress\/docker\/fips-jdk-21-image\/","title":{"rendered":"FIPS JDK 21 Image"},"content":{"rendered":"\n<p><strong>Warning: Use FIPS Instructions at Your Own Risk<\/strong><\/p>\n\n\n\n<p>The provided Dockerfile and instructions are intended to assist in creating a FIPS-compliant environment for your Spring Boot application. However, achieving and maintaining FIPS compliance is a complex process with potential legal and security implications.<\/p>\n\n\n\n<p>By following these instructions, you acknowledge and accept the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>No Guarantee of Compliance:<\/strong> While these instructions aim to facilitate FIPS compliance, we cannot guarantee that your final configuration will meet all FIPS requirements. Compliance depends on various factors, including your application&#8217;s code, third-party libraries, and the specific FIPS mode you are aiming for.<\/li>\n\n\n\n<li><strong>Thorough Testing Required:<\/strong> It is your responsibility to rigorously test your application in the FIPS-enabled environment to ensure it functions correctly and adheres to FIPS standards.<\/li>\n\n\n\n<li><strong>Consult Experts:<\/strong> If you have any doubts or questions regarding FIPS compliance, it is strongly recommended to seek guidance from qualified security professionals or legal counsel.<\/li>\n\n\n\n<li><strong>Liability Disclaimer:<\/strong> We disclaim any liability for issues, damages, or non-compliance arising from the use of these instructions. You are solely responsible for ensuring your application and environment meet all necessary FIPS requirements.<\/li>\n<\/ul>\n\n\n\n<p><strong>Proceed with Caution:<\/strong> FIPS compliance is a serious undertaking. Use these instructions as a starting point, but always prioritize thorough testing and expert consultation to ensure your application meets the necessary security standards.<\/p>\n\n\n\n<div class=\"wp-block-jetpack-markdown\"><p>Here\u2019s a Dockerfile tailored for your FIPS-compliant Spring Boot application with JDK 21, along with explanations:<\/p>\n<pre><code class=\"language-Dockerfile\"># FIPS-Compliant Base Image\nFROM redhat\/ubi9-minimal:9.2-814 # FIPS-validated Red Hat Universal Base Image\n\n# Install Required Packages and JDK 21\nRUN microdnf install -y --nodocs \\\n    java-21-openjdk-headless \\\n    openssl-libs-fips \\\n    &amp;&amp; microdnf clean all \\\n    &amp;&amp; sed -i 's\/securerandom=drng\/securerandom=drng_fips\/g' \/etc\/crypto-policies\/back-ends\/openjdk.config \\\n    &amp;&amp; update-crypto-policies --set FIPS\n\n# Enable FIPS Mode\nENV OPENSSL_CONF=\/etc\/pki\/tls\/openssl.cnf\n\n# Application User\nRUN groupadd -r spring &amp;&amp; useradd -r -g spring spring\n\n# Set Working Directory\nUSER spring\nWORKDIR \/home\/spring\n\n# Copy Application JAR\nCOPY --chown=spring:spring target\/your-spring-boot-app.jar app.jar\n\n# Expose Port (Change if needed)\nEXPOSE 8080\n\n# Run Application\nENTRYPOINT [&quot;java&quot;, &quot;-Djava.security.egd=file:\/dev\/.\/urandom&quot;, &quot;-jar&quot;, &quot;app.jar&quot;]\n<\/code><\/pre>\n<p><strong>Key Points &amp; Explanation:<\/strong><\/p>\n<ul>\n<li><strong>FIPS-validated Base Image:<\/strong>\n<ul>\n<li>We start with <code>redhat\/ubi9-minimal:9.2-814<\/code>, a Red Hat Universal Base Image that\u2019s FIPS-validated. This ensures a secure foundation for our container.<\/li>\n<\/ul>\n<\/li>\n<li><strong>FIPS-Compliant JDK 21:<\/strong>\n<ul>\n<li>We install the <code>java-21-openjdk-headless<\/code> package, which provides the FIPS-compliant JDK 21. The <code>-headless<\/code> option is used for server-side applications.<\/li>\n<\/ul>\n<\/li>\n<li><strong>OpenSSL FIPS Module:<\/strong>\n<ul>\n<li>We include the <code>openssl-libs-fips<\/code> package for FIPS-validated cryptographic operations.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Enable FIPS Mode:<\/strong>\n<ul>\n<li>The <code>sed<\/code> command modifies the <code>openjdk.config<\/code> file to use the FIPS-compliant DRNG (Deterministic Random Number Generator), and <code>update-crypto-policies<\/code> sets the system-wide cryptographic policy to FIPS. We also set the <code>OPENSSL_CONF<\/code> environment variable to the FIPS-compliant OpenSSL configuration file.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Security Best Practices:<\/strong>\n<ul>\n<li>An unprivileged <code>spring<\/code> user is created and used to run the application, enhancing security.<\/li>\n<li>The <code>-Djava.security.egd=file:\/dev\/.\/urandom<\/code> option is added to improve the startup time of Spring Boot applications.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Customization:<\/strong>\n<ul>\n<li>Replace <code>your-spring-boot-app.jar<\/code> with the actual name of your Spring Boot JAR file.<\/li>\n<li>If your application uses a different port than 8080, modify the <code>EXPOSE<\/code> instruction accordingly.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Build &amp; Run:<\/strong><\/p>\n<ol>\n<li>\n<p><strong>Build Image:<\/strong><\/p>\n<pre><code class=\"language-bash\">docker build -t my-fips-spring-app .\n<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>Run Container:<\/strong><\/p>\n<pre><code class=\"language-bash\">docker run -p 8080:8080 my-fips-spring-app\n<\/code><\/pre>\n<\/li>\n<\/ol>\n<p><strong>Important Considerations:<\/strong><\/p>\n<ul>\n<li><strong>FIPS Certification:<\/strong> Make sure your Spring Boot application itself is designed to be FIPS-compliant. If it uses any external libraries or components, ensure they\u2019re also FIPS-certified or compatible.<\/li>\n<li><strong>Testing:<\/strong> Thoroughly test your application in the Docker container to verify that FIPS mode is working correctly and that all functionalities are behaving as expected.<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Warning: Use FIPS Instructions at Your Own Risk The provided Dockerfile and instructions are intended to assist in creating a FIPS-compliant environment for your Spring Boot application. However, achieving and maintaining FIPS compliance is a complex process with potential legal and security implications. By following these instructions, you acknowledge and accept the following: Proceed with [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3595,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[277],"tags":[69],"series":[],"class_list":["post-3594","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-docker","tag-java-2"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/Gemini_Generated_Image_6lwv546lwv546lwv-jpg.avif","jetpack-related-posts":[{"id":3530,"url":"https:\/\/www.mymiller.name\/wordpress\/spring_databases\/spring-jpa-auditing-track-data-changes\/","url_meta":{"origin":3594,"position":0},"title":"Spring JPA Auditing: Track Data Changes","author":"Jeffery Miller","date":"April 20, 2026","format":false,"excerpt":"In the dynamic world of software development, understanding the complete history of your data is crucial. Who made a change? When did it occur? Who viewed the data? Spring JPA Auditing, combined with custom solutions, offers a comprehensive way to answer these questions, acting as a time machine for your\u2026","rel":"","context":"In &quot;Spring Databases&quot;","block_context":{"text":"Spring Databases","link":"https:\/\/www.mymiller.name\/wordpress\/category\/spring_databases\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/image.png?fit=1200%2C686&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/image.png?fit=1200%2C686&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/image.png?fit=1200%2C686&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/image.png?fit=1200%2C686&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/image.png?fit=1200%2C686&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":3388,"url":"https:\/\/www.mymiller.name\/wordpress\/java_new_features\/vector-api-for-computations\/","url_meta":{"origin":3594,"position":1},"title":"Vector API for computations","author":"Jeffery Miller","date":"December 24, 2025","format":false,"excerpt":"Java 16 introduced a new feature called the Vector API, which provides a set of low-level vector operations for performing mathematical calculations on large sets of data. The Vector API is designed to take advantage of the hardware capabilities of modern CPUs, such as SIMD (Single Instruction Multiple Data) instructions,\u2026","rel":"","context":"In &quot;Java New Features&quot;","block_context":{"text":"Java New Features","link":"https:\/\/www.mymiller.name\/wordpress\/category\/java_new_features\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2023\/06\/board-g12f4be736_640.jpg?fit=640%2C424&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2023\/06\/board-g12f4be736_640.jpg?fit=640%2C424&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2023\/06\/board-g12f4be736_640.jpg?fit=640%2C424&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":3582,"url":"https:\/\/www.mymiller.name\/wordpress\/spring\/leveraging-dicom-in-spring-boot-applications\/","url_meta":{"origin":3594,"position":2},"title":"Leveraging DICOM in Spring Boot Applications","author":"Jeffery Miller","date":"November 19, 2025","format":false,"excerpt":"Leveraging DICOM in Spring Boot Applications DICOM, the cornerstone of medical imaging, is a specialized format for storing and transmitting medical images and related information. Integrating it into your Spring Boot project opens up a world of possibilities for medical applications. Let\u2019s explore how to achieve this. Understanding DICOM DICOM\u2026","rel":"","context":"In &quot;Spring&quot;","block_context":{"text":"Spring","link":"https:\/\/www.mymiller.name\/wordpress\/category\/spring\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/x-ray-6841384_1280.jpg?fit=1200%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/x-ray-6841384_1280.jpg?fit=1200%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/x-ray-6841384_1280.jpg?fit=1200%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/x-ray-6841384_1280.jpg?fit=1200%2C800&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2024\/06\/x-ray-6841384_1280.jpg?fit=1200%2C800&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":3965,"url":"https:\/\/www.mymiller.name\/wordpress\/angular\/bringing-worlds-to-life-integrating-ai-personas-in-multi-user-dungeons-muds\/","url_meta":{"origin":3594,"position":3},"title":"Bringing Worlds to Life: Integrating AI Personas in Multi-User Dungeons (MUDs)","author":"Jeffery Miller","date":"April 20, 2026","format":false,"excerpt":"A few weeks ago, I found myself pondering the ultimate objective for an artificial intelligence system. The answer kept returning to a single concept: the ability to truly mimic a human. This spark of an idea gave rise to a challenge\u2014I needed a sandbox where I could work with AI\u2026","rel":"","context":"In &quot;Angular&quot;","block_context":{"text":"Angular","link":"https:\/\/www.mymiller.name\/wordpress\/category\/angular\/"},"img":{"alt_text":"","src":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2026\/04\/Gemini_Generated_Image_hsr3ethsr3ethsr3-scaled.avif","width":350,"height":200,"srcset":"https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2026\/04\/Gemini_Generated_Image_hsr3ethsr3ethsr3-scaled.avif 1x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2026\/04\/Gemini_Generated_Image_hsr3ethsr3ethsr3-scaled.avif 1.5x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2026\/04\/Gemini_Generated_Image_hsr3ethsr3ethsr3-scaled.avif 2x, https:\/\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2026\/04\/Gemini_Generated_Image_hsr3ethsr3ethsr3-scaled.avif 3x"},"classes":[]},{"id":1988,"url":"https:\/\/www.mymiller.name\/wordpress\/java\/java-build-your-own-jobmanager\/","url_meta":{"origin":3594,"position":4},"title":"Java: Build your own JobManager","author":"Jeffery Miller","date":"November 24, 2025","format":false,"excerpt":"So often I see developers turn to open source to implement job management. \u00a0These are often far more advanced than what many people really need in their Java applications. \u00a0Sure there are times when it is needed and called for, however many times that is not the case. \u00a0Today I\u2026","rel":"","context":"In &quot;JAVA&quot;","block_context":{"text":"JAVA","link":"https:\/\/www.mymiller.name\/wordpress\/category\/java\/"},"img":{"alt_text":"JobManager to manage your jobs","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2016\/11\/work-1105285_640.jpg?fit=640%2C452&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2016\/11\/work-1105285_640.jpg?fit=640%2C452&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2016\/11\/work-1105285_640.jpg?fit=640%2C452&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":1788,"url":"https:\/\/www.mymiller.name\/wordpress\/challenge\/algorithm-max-diff\/","url_meta":{"origin":3594,"position":5},"title":"Algorithm: Max Diff between consecutive elements in an ordered array","author":"Jeffery Miller","date":"July 3, 2024","format":false,"excerpt":"So you have an array that is ordered from highest to lowest, and now you need to know what is the maximum difference between consecutive elements in the array. \u00a0So let's take a look at what we are first talking about. int[] array = {1,2,3,5,7,11,13,17,19} As you can see we\u2026","rel":"","context":"In &quot;Challenge&quot;","block_context":{"text":"Challenge","link":"https:\/\/www.mymiller.name\/wordpress\/category\/challenge\/"},"img":{"alt_text":"algorithm max diff array","src":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2016\/07\/silhouette-936724_640.jpg?fit=640%2C452&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2016\/07\/silhouette-936724_640.jpg?fit=640%2C452&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mymiller.name\/wordpress\/wp-content\/uploads\/2016\/07\/silhouette-936724_640.jpg?fit=640%2C452&ssl=1&resize=525%2C300 1.5x"},"classes":[]}],"jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts\/3594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/comments?post=3594"}],"version-history":[{"count":1,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts\/3594\/revisions"}],"predecessor-version":[{"id":3596,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/posts\/3594\/revisions\/3596"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/media\/3595"}],"wp:attachment":[{"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/media?parent=3594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/categories?post=3594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/tags?post=3594"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/www.mymiller.name\/wordpress\/wp-json\/wp\/v2\/series?post=3594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}