fips

FIPS compatible password encryption for .NET

I've working on a WinForms in VB.NET (3.5) application that requires the user to enter domain administrator credentials. To make things easier on the user, they should only have to enter the user name and password once, and then just rely on my app to save these credentials. I'd like to save these credentials with the other user settings...

ASP.NET 2.0 RijndaelManaged encryption algorithm vs. FIPS

I'm running into an issue with an ASP.NET 2.0 application. Our network folks just upped our security, and now I get the floowing error whenever I try to access the app: "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms." I've done a little research, and it sounds like ASP.NET uses the...

VS development on FDCC compliant Workstation

Hi, I have a FDCC compliant workstation with FIPS 140-1 (Level 1) enabled. Now, i cannot run/debug any VS 2005/2008 applications on my machine I get the following error message on my browser Parser Error Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. the Error points to line ...

Apache server (C++) is not starting in fips mode?

Hi Could any one know apache server is not starting in fips mode in some PCs. Description: We have a client-server application where Apache webserver is the server and IE is the browser. Recently we have made this Apache webserver FIPS 140-2 compliant. Hence now it can work in FIPS mode. We are able to run the server in FIPS mode on a...

When will C# AES algorithm be FIPS compliant?

Right now the only way I can get the RijndaelManaged algorithm to work on a computer with the Local Security Setting for FIPS turned on, is to disable it. It is a government computer, so I'm not sure how that will fly. I've seen posts on the msdn blog sites that say they are working on an AES FIPS compliant version, but I cant seem to ...

FIPS-compliant Isolated Storage in WinXP?

I've read (but not tested) that Isolated Storage uses Sha1Managed, which is not FIPS-compliant? Is that accurate, and can anything be done to use Isolated Storage on a FIPS-compliant WinXP SP2 box? I've seen mention of "Isolated Storage" within both the ClickOnce and Silverlight spaces. I'd appreciate an informed answer regarding eith...

FIPS-compliant HashAlgorithm on WinXP?

How can I use C# on a FIPS-compliant WinXP SP2 box to uniquely hash the contents of a given file? I'm not concerned about performance (yet?). Hopefully someone can point out an exception to the "rule", but it seems that the "*ServiceProvider" classes are FIPS-compliant and unavailable on WinXP, while the "*Managed" classes are availabl...

FIPS Enabling On Glassfish_v2.1

I am attempting to enable FIPS mode on my windows machine, running glassfish_v21 Enterprise with HADB. I am doing this as a way to test the process on a machine with less collateral damage than on a Development Environment. However I receive an error when attempting to enable FIPS mode, below are the steps that I followed. I used modut...

MVC App Works in Visual Studio, but not IIS7

Working on a an ASP.NET MVC Project, and I'm having some difficulties deploying to a shared dev server. Locally, when debugging using the local Visual Studio 2008 server, everything works peachy. However, once deployed, I receive the following error: Parser Error Description: An error occurred during the parsing of a resource requi...

How do I script a complex link in visual studio (FIPS / Static Link Lib / VS.2008)

Question What's the right way to build a complex fips link into the Visual Studio vcproj projects while continuing to allow developers to arrange libraries via the properties GUI? Situation I'm using VS 2008 and have a bunch of projects that use openssl statically linked. Thus far the link has been simple, but now I'm switching to a ...

FIPS compliance issue on third-party dll

Currently been using ComponentOne report generator on a web app with no issues. Recently had to turn on FIPS compliance on the server. The app now fails at the call made to ComponentOne method. Is it correct to think that the C1 dll was built on a machine that had FIPS turned off? Any workarounds aside from turning off FIPS on the se...

Can the ASP.NET ScriptManager be made to work with the Windows FIPS security policy?

If you enable the "Use FIPS compliant algorithms for encryption, hashing, and signing" security policy option in Windows, attempting to use many of the cryptographic classes in the .NET Framework will result in an InvalidOperationException. By default, ASP.NET uses AES to encrypt the ViewState blob, so it fails. You can work around this ...

What does it mean for an application to be FIPS 140 compliant?

Is it as simple as using FIPS 140 compliant crypto providers or is there more to it? Are there differences if it is a web app vs a windows app? What if it is a distributed app? Are there any special considerations for IIS, WCF, ASP.Net, Silverlight, AJAX, etc? Thanks ...

How can I ensure that a Java object (containing cryptographic material) is zeroized?

My concern is that cryptographic keys and secrets that are managed by the garbage collector may be copied and moved around in memory without zeroization. As a possible solution, is it enough to: public class Key { private char[] key; // ... protected void finalize() throws Throwable { try { for(int k = 0; k < key.lengt...

FIPS-compliant encryption in .NET 2.0

We have a .NET 2.0 application that uses the RijindaelManaged class to encrypt some sensitive data. This was fine until we ran into some machines that require the use of FIPS-compliant algorithms. We'd like to switch to AesCryptoServiceProvider, but most of our target machines haven't upgraded past .NET 2.0. Requiring an upgrade is out...

What are the benefits of using fips for the JCE?

I used the FIPS provider in the JCE, but couldn't really see any difference - I specifically looked for the maximum key sizes but didn't find any difference there. What advantages does enabling FIPS actually provide? ...

Is it possible to create a FIPS 140-2 compliant server in Perl?

The question is pretty simple, is it possible to create a FIPS 140-2 compliant server in Perl? Especially, is it possible without modifying any of the C code for the modules? If it's not possible in straight Perl, what would be the easiest way to go about it from a C perspective? I'm basically creating a mini-httpd that only serves up a...

Make ASP.NET web application FIPS Compliant?

I need to understand how to make an ASP.NET web application FIPS compliant. To keep it simple, I created a new web application within VS 2008. I have FIPS enabled on my development machine, as the client using the web application will be a Federal agency that will enforce FIPS. I can not even compile the new web application - as it gi...

Which .NET SHA1 class is FIPS compliant?

I'm using the SHA1Managed class in my code, but this causes a problem when I run it on a particular machine. I get this exception: System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. The problem is caused by SHA1Managed, which is not FIPS compliant. ...

AJAX.NET and FIPS

We have a few sections of our application that are using AJAX.NET 5.7.25.1. Our server administrators have enabled FIPS and we are running into the following error: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. Call stack: at System.Security.Cryptography.MD5CryptoServiceProvider..cto...