c# - How to enforce FIPS in asp.net code (This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.) -


my company has project created asp.net in .net framework 3.5 , windows web server 2008 r2 host project.

in web server, enabled setting "system cryptography: use fips compliant algorithms encryption, hashing, , signing"

after after application not run. shows following error

parser error message: implementation not part of windows platform fips validated cryptographic algorithms.

stack trace:

[invalidoperationexception: implementation not part of windows platform fips validated cryptographic algorithms.]    system.security.cryptography.rijndaelmanaged..ctor() +7715396    system.web.configuration.machinekeysection.configureencryptionobject() +232    system.web.configuration.machinekeysection.ensureconfig() +156    system.web.configuration.machinekeysection.getencodeddata(byte[] buf, byte[] modifier, int32 start, int32& length) +37    system.web.ui.objectstateformatter.serialize(object stategraph) +166    system.web.ui.objectstateformatter.system.web.ui.istateformatter.serialize(object state) +4    system.web.ui.util.serializewithassert(istateformatter formatter, object stategraph) +37    system.web.ui.hiddenfieldpagestatepersister.save() +79    system.web.ui.page.savepagestatetopersistencemedium(object state) +105    system.web.ui.page.saveallstate() +236    system.web.ui.page.processrequestmain(boolean includestagesbeforeasyncpoint, boolean includestagesafterasyncpoint) +1099

we looking solutions this. of solutions found online suggesting disable fips checking disabling setting "system cryptography: use fips compliant algorithms encryption, hashing, , signing". or adding these 2 lines in web.config.

<machinekey validationkey="autogenerate,isolateapps" decryptionkey="autogenerate,isolateapps" validation="3des" decryption="3des"/> <enforcefipspolicy enabled="false"/>

but don't want disable fips checking our code security purpose. instead want adjust our code or server setting enforce fips policy in project interpreting functionalities.

can provide me idea on this?

there relevant msdn blog. try following registry changes:

  • hklm\system\currentcontrolset\control\lsa\fipsalgorithmpolicy\enabled registry value reflects current fips setting. if setting enabled, value 1. if setting disabled, value 0.
  • hklm\system\currentcontrolset\control\lsa\fipsalgorithmpolicy registry value reflects current fips setting. if setting enabled, value 1. if setting disabled, value 0.

after enable or disable system cryptography: use fips compliant algorithms encryption, hashing, , signing security setting, must restart application, such internet explorer, new setting take effect.

in case, should sufficient recycle website's app domain.

note comment @basic, enabling fips mode while potentially necessary interact government systems, can cause other security headaches.


Comments

Post a Comment

Popular posts from this blog

jOOQ update returning clause with Oracle -

according http://www.jooq.org/doc/3.8/manual/sql-building/sql-statements/update-statement/ jooq doesn't support returning clause in update statements databases except firebird , postgres. does know, still correct oracle jooq? according oracle's documentation, oracle db supports returning clase delete, insert, or update statements. incorrect manual you're right - manual wrong , should fixed: https://github.com/jooq/jooq/issues/5470 single row update returning jooq 3.8 added support single row update .. returning statements. internally, uses callablestatement , pl/sql block of form: begin update "my_table" set "my_table"."column" = 'xyz' "my_table"."id" = 1 returning "my_table"."id", "my_table"."column" ?, ?; ? := sql%rowcount; end; the relevant issue is: https://github.com/jooq/jooq/issues/5190 multi row update returning a...
Read more

java - Warning equals/hashCode on @Data annotation lombok with inheritance -

i have entity inherits other. on other hand, i'm using lombok project reduce boilerplate code, put @data annotation. annotation @data inheritance produces next warning: generating equals/hashcode implementation without call superclass, though class not extend java.lang.object. if intentional, add '@equalsandhashcode(callsuper=false)' type. is advisable add annotation @equalsandhashcode (callsuper = true) or @equalsandhashcode (callsuper = false) ? if not added, 1 callsuper=false or callsuper=true ? the default value false . 1 if don't specify , ignore warning. yes, recommended add @equalsandhashcode annotation on @data annotated classes extend else object. cannot tell if need true or false , depends on class hierarchy, , need examined on case-by-case basis. however, project or package, can configure in lombok.config call super methods if not direct subclass of object. lombok.equalsandhashcode.callsuper = call for configuration system ...
Read more

java - BasicPathUsageException: Cannot join to attribute of basic type -

i using java 8 jpa (hibernate 5.2.1). have clause works perfectly, until introduce clause make use foreign key table values too. i getting following error: basicpathusageexception: cannot join attribute of basic type i think problem related fact have join table, , not sure how create join using join table. employee - employee_category - category model (employee.java): @manytomany(cascade = cascadetype.all, fetch=fetchtype.eager) @jointable ( name="employee_category", joincolumns={ @joincolumn(name="emp_id", referencedcolumnname="id") }, inversejoincolumns={ @joincolumn(name="cat_id", referencedcolumnname="id") } ) private set<category> categories; model (category.java): @id private string id; jpa when introduce following code, fails error above (i think problem new piece of code): join<t, category> category = from.join("id"); predicates.add(criteriabuilder.like(category....
Read more