InvalidOperationException raised on FIPS-enabled systems.

Issue #1 new
obviex repo owner created an issue

When attempting to use CipherSafe.NET on a system with the FIPS-compliant algorithms for encryption, hashing, and signing policy enabled, the following exception gets raised:

System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

Comments (1)

  1. obviex reporter

    Microsoft only started enforcing FIPS compliance in .NET Framework 2.0, after CipherSafe.NET was released, and it has been a few years since we received the first complaint about it (apparently, not many customers of ours use FIPS-enabled systems). The problem here is that none of the managed cryptography classes that the product uses (such as RijndaelManaged) have been FIPS-certified. It does not mean that they are in any way worse (or less secure) than their unmanaged counterparts (such as AesCryptoServiceProvider); it's just that Microsoft chose to bypass the formal NIST certification process (see When will C# AES algorithm be FIPS compliant?).

    Fortunately, there is a workaround that allows .NET applications to use CipherSafe.NET on a FIPS-enabled system. To make it work, set the enabled flag of the configuration/runtime/enforceFIPSPolicy section in your application's app.config, web.config (or system machine config) file to false (see Disabling the FIPS Algorithm Check).

    We are planning to add FIPS support in a future release (tentatively scheduled for 1.7). In the meantime, please use the workaround.
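
A way to confirm the behaviour described in this issue on a given machine, as an added example that is not part of the original thread and is not CipherSafe.NET code: it reports whether the FIPS check is active for the current process and which of the two classes named above can be constructed. `FipsProbe` and its helpers are hypothetical names, and the code assumes .NET Framework 4.0 or later (for `CryptoConfig.AllowOnlyFipsAlgorithms`).

```csharp
// Added example (not CipherSafe.NET code): probe the FIPS behaviour of the
// crypto classes named in this issue. FipsProbe, TryCreate and Report are
// hypothetical names chosen for this illustration.
using System;
using System.Security.Cryptography;

static class FipsProbe
{
    // Constructs the algorithm and disposes it again. Returns null when the
    // constructor succeeds, or the exception message when the runtime's
    // FIPS check rejects the implementation.
    static string TryCreate(Func<SymmetricAlgorithm> factory)
    {
        try
        {
            using (factory())
            {
                return null;
            }
        }
        catch (InvalidOperationException ex)
        {
            return ex.Message;
        }
    }

    static void Report(string name, Func<SymmetricAlgorithm> factory)
    {
        string error = TryCreate(factory);
        Console.WriteLine("{0,-26} {1}", name,
            error == null ? "usable" : "blocked: " + error);
    }

    static void Main()
    {
        // Whether the runtime restricts this process to FIPS-validated
        // implementations.
        Console.WriteLine("FIPS check active: {0}",
            CryptoConfig.AllowOnlyFipsAlgorithms);

        // Managed implementation, not FIPS-certified (see the comment above).
        Report("RijndaelManaged", () => new RijndaelManaged());

        // Unmanaged counterpart named in the comment above.
        Report("AesCryptoServiceProvider", () => new AesCryptoServiceProvider());
    }
}
```

Running it before and after changing the enforceFIPSPolicy setting in the application's own config file shows whether the workaround has taken effect for that application.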
