Develop VS on an FDCC-compatible workstation

I have an FDCC compatible workstation with FIPS 140-1 enabled (level 1).

Now I cannot run or debug any VS 2005/2008 applications on my machine.

The following error message appears in the browser:

Parser Error Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

The error points to line No. 1 of the default.aspx.cs file

using System;

The only way to successfully debug / run my application is to set the following registry key to 0:

HKLM\System\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy

I understand that there are some cryptographic algorithms that do not match FIPS on XP SP2, but I do not use cryptography at all. In this case, the solution contains only the default.aspx page with the default code in the .cs file, and even this does not work.

So my question is: why is the web page not loading, and why does the error point to line #1, the "using System;" statement?

My next question is: how can I develop FIPS compatible block processing when I don't have edit rights in the registry?

Thanks kudlur

+4
3 answers

Apparently, in addition to using non-compliant encryption algorithms, just having debug="true" in your web.config can cause this to happen in .NET 2.0 web applications.

<system.web> <compilation debug="true" /> </system.web>

In addition, if you use viewstate, you will need this key in the system.web section of the web.config file:

 <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/> 

Thus, you CANNOT run applications in debug mode on FIPS compatible machines. I would ask your GPO to disable this for dev machines, or at least let you turn it on and off so that you can still test using FIPS. This goes back to the debate about developing on machines without full administrator rights; it is a vivid example of the obstacles and troubles that arise without administrator rights ... but I digress.

Here are some reference articles about this FIPS thing:

http://blogs.msdn.com/shawnfa/archive/2005/05/16/417975.aspx

http://blogs.msdn.com/shawnfa/archive/2008/03/14/disabling-the-fips-algorithm-check.aspx

http://support.microsoft.com/default.aspx?scid=kb;EN-US;811833

http://support.microsoft.com/kb/911722

http://blogs.iis.net/webtopics/archive/2009/07/20/parser-error-message-this-implementation-is-not-part-of-the-windows-platform-fips-validated-cryptographic-algorithms-when-net-page-has-debug-true.aspx

+2

We had the same problem at our place. In a nutshell, the viewstate data in your web form is encrypted using the RijndaelManaged implementation of the AES algorithm, which is NOT FIPS compliant. The simplest solution is to add the following (or similar) line to the web.config file, which specifies 3DES encryption. 3DES is compatible with FIPS.

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES" />

You can get more information about various FIPS compatible algorithms at http://csrc.nist.gov/groups/STM/cavp/index.html .

Hope this helps.

+1
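
A check for the two web.config settings the answers above name (debug="true" and a machineKey that is not set to 3DES), as an added example that is not part of the original answers. The function name `audit_web_config` and both sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files, not taken from the original page.
SAMPLE_BAD = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <compilation debug="true" />
    <machineKey validation="SHA1" decryption="AES" />
  </system.web>
</configuration>"""

SAMPLE_GOOD = """<configuration>
  <system.web>
    <compilation debug="false" />
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="3DES" decryption="3DES" />
  </system.web>
</configuration>"""


def _local(tag):
    """Strip an XML namespace prefix such as '{uri}system.web'."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    """Direct children of elem whose namespace-free tag equals name."""
    return [c for c in elem if _local(c.tag) == name]


def audit_web_config(xml_text):
    """List the settings that the answers above tie to the FIPS parser error."""
    findings = []
    root = ET.fromstring(xml_text)
    # Covers <system.web> at the top level and inside <location> blocks.
    for web in (e for e in root.iter() if _local(e.tag) == "system.web"):
        for comp in _children(web, "compilation"):
            if comp.get("debug", "false").strip().lower() == "true":
                findings.append('compilation debug="true"')
        keys = _children(web, "machineKey")
        if not keys:
            findings.append("machineKey not set")
        for key in keys:
            for attr in ("validation", "decryption"):
                value = (key.get(attr) or "").strip()
                if value.upper() != "3DES":
                    findings.append(f"machineKey {attr}={value or 'unset'}")
    return findings
```

Per the first answer, a missing machineKey only matters when the application uses viewstate, so treat that finding as a prompt to check rather than a definite fault.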