Can XP SP3 Provide EFS with AES that is FIPS 140-2 compliant?
Posted on 2011-02-24
I'd like to use EFS on Windows XP Service Pack 3, but am trying to find out if there's a way to make this use a FIPS 140-2 compliant implementation of AES. I know the FIPS compliant modules that you can enable in XP (by setting the FIPS local policy flag) include AES, however I've also found this line in Microsoft documentation detailing what happens when you set this flag:
"In Windows XP SP1 or later and Server 2003, the EFS switches from an non-Approved kernel AES implementation to an approved Three-Key Triple-DES implementation. "
I've not found any way to set the EFS to another FIPS-compliant algorithm after setting the FIPS flag. Is there any way to use a compliant AES implementation for XP SP3?