dyarosh
asked on
FIPS Compliance
We need to encrypt sensitive data in our database for our internal Web Application written in VS 2010 C# and using a MS SQL Server 2005 database.
I created a DLL to handle the encryption function. Here is the code:
I integrated the DLL into my web application and it works fine on our testing server. However when I deployed to our Production server I get the following error:
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. I researched the error and tried the following to resolve it but have not been successful.
1. Verified "Local Security Setting System Cryptography. Use FIPs compliant algorithms for encryption, hashing, and signing" policy is disabled on our Production server.
2. Verified the registry key for fipsalgorithmpolicy is set to 0.
3. Added <machinekey validationKey="AutoGenerat
4. Added <enforceFIPSPolicy enable="false" /> in web.config under <configuration><runtime>.
We are trying to see if the FIPs setting is at the GPO or Domain Controller level and overriding my settings but haven't heard back from our server department yet.
Is there something else I can do or how can I make my algorithm FIPS compliant?
I created a DLL to handle the encryption function. Here is the code:
public string Encrypt(string toEncrypt, bool useHashing, string key)
{
// If string is null or whitespace, return toEncrypt
if (String.IsNullOrEmpty(toEncrypt) || String.IsNullOrWhiteSpace(toEncrypt) || toEncrypt.Equals(DBNull.Value))
return toEncrypt;
// Strip blanks from end of string
toEncrypt = toEncrypt.Trim();
byte[] keyArray;
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);
System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
if (String.IsNullOrEmpty(key))
// Get the key from config file
key = (string)settingsReader.GetValue("SecurityKey", typeof(String));
//System.Windows.Forms.MessageBox.Show(key);
if (useHashing)
{
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
hashmd5.Clear();
}
else
keyArray = UTF8Encoding.UTF8.GetBytes(key);
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
tdes.Key = keyArray;
tdes.Mode = CipherMode.ECB;
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateEncryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
tdes.Clear();
return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}I integrated the DLL into my web application and it works fine on our testing server. However when I deployed to our Production server I get the following error:
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. I researched the error and tried the following to resolve it but have not been successful.
1. Verified "Local Security Setting System Cryptography. Use FIPs compliant algorithms for encryption, hashing, and signing" policy is disabled on our Production server.
2. Verified the registry key for fipsalgorithmpolicy is set to 0.
3. Added <machinekey validationKey="AutoGenerat
4. Added <enforceFIPSPolicy enable="false" /> in web.config under <configuration><runtime>.
We are trying to see if the FIPs setting is at the GPO or Domain Controller level and overriding my settings but haven't heard back from our server department yet.
Is there something else I can do or how can I make my algorithm FIPS compliant?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER