Have you ever run into this error?
“This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.”
FIPS is what US government came up with to standardize some of the aspects of processing information. FIPS 140
heavily affects cryptographic area. For example, MD5 or SHA256 is not FIPS compatible. That’s why you would get an above error if you were using MD5
algorithm on Windows with FIPS enabled.
If you are developing some governmental application (international in my case) there is high chance that this feature is enabled on target environment.
To enable FIPS locally for testing purposes do the following:
Start Local Group Policy Editor via “gpedit.msc” and go to: Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> Security Options –> System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
Or just HKLMSystemCurrentControlSetControlLsaFIPSAlgorithmPolicyEnabled if you are running Win7.
Back to your .net code. These would be alternative hashing algorithms: HMACSHA1, MACTripleDES and few more, but I would go for one of SHA algorithms by using CryptoServiceProvider. For example SHA1CryptoServiceProvider
. Except of hashing some of the encryption algorithms won’t be compatible as well, so you will need to figure out what works. Unfortunately MSDN doesn’t state it explicitly.
After I enabled FIPS to test the app I wasn’t even able to compile the solution. Visual Studio started to complain about xaml files. I found that I’m not the fist to see that problem
. Strange, since I thought that I had required updates. Nevertheless fix is to put this: <enforceFIPSPolicy enabled=”false”/> into your msbuild.exe.config or denev.exe.config
I wonder how much unknown and strange stuff is hidden under the hood of operating system. Recently I’ve started discovering a lot of such things.