Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

FIPS Compliance

Posted on 2013-01-11
2
Medium Priority
?
673 Views
Last Modified: 2013-01-14
We need to encrypt sensitive data in our database for our internal Web Application written in VS 2010 C# and using a MS SQL Server 2005 database.

I created a DLL to handle the encryption function.  Here is the code:

        public string Encrypt(string toEncrypt, bool useHashing, string key)
        {
            // If string is null or whitespace, return toEncrypt
            if (String.IsNullOrEmpty(toEncrypt) || String.IsNullOrWhiteSpace(toEncrypt) || toEncrypt.Equals(DBNull.Value))
                return toEncrypt;

            // Strip blanks from end of string
            toEncrypt = toEncrypt.Trim();
     
            byte[] keyArray;
            byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);

            System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
            if (String.IsNullOrEmpty(key))
                // Get the key from config file
                key = (string)settingsReader.GetValue("SecurityKey", typeof(String));
            //System.Windows.Forms.MessageBox.Show(key);
            if (useHashing)
            {
                MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
                keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
                hashmd5.Clear();
            }
            else
                keyArray = UTF8Encoding.UTF8.GetBytes(key);

            TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
            tdes.Key = keyArray;
            tdes.Mode = CipherMode.ECB;
            tdes.Padding = PaddingMode.PKCS7;

            ICryptoTransform cTransform = tdes.CreateEncryptor();
            byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
            tdes.Clear();
            return Convert.ToBase64String(resultArray, 0, resultArray.Length);
        }

Open in new window


I integrated the DLL into my web application and it works fine on our testing server.  However when I deployed to our Production server I get the following error:

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.  I researched the error and tried the following to resolve it but have not been successful.

1. Verified "Local Security Setting System Cryptography. Use FIPs compliant algorithms for encryption, hashing, and signing" policy is disabled on our Production server.

2. Verified the registry key for fipsalgorithmpolicy is set to 0.

3. Added <machinekey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES" /> to web.config file under <system.web>.  Restarted IIS.

4. Added <enforceFIPSPolicy enable="false" /> in web.config under <configuration><runtime>.

We are trying to see if the FIPs setting is at the GPO or Domain Controller level and overriding my settings but haven't heard back from our server department yet.

Is there something else I can do or how can I make my algorithm FIPS compliant?
0
Comment
Question by:dyarosh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 38769487
i dont suggest that you disable FIPS esp this is production server. It will be worst off since MD5 is  weaker algorithm compared to SHA1 for hashing  - use SHA1CryptoServiceProvider Class instead

http://stackoverflow.com/questions/13018808/asp-net-this-implementation-is-not-part-of-the-windows-platform-fips-validated-c

Since you already used TripleDESCryptoServiceProvider that is fine and better will be for  AesCryptoServiceProvider (.net3.5 above) Class. But try the SHA1 first :)

This is one good link
http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-algorithms.html
0
 

Author Closing Comment

by:dyarosh
ID: 38774329
This solved the problem of being able to use Hashing but I have another question that I will be posting.  Thanks for your help.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question