
I am using C# EncryptedXml class and calling the method Encrypt(XmlElement, x509Cert).

The code looks like this:

```csharp
// EncryptedXml lives in System.Security.Cryptography.Xml
EncryptedXml eXml = new EncryptedXml();
EncryptedData edElement = eXml.Encrypt(elementToEncrypt, Cert);
```

My program errors out saying "This implementation is not part of the Windows FIPS validated cryptographic algorithms". I have to use FIPS compliant algorithms.

Do you know of a replacement for this method that is FIPS compliant?

  • You should provide all the information available to you, such as the algorithms used, the code to generate the ciphertext and the exact error. Read your question to yourself before posting; does the title really say what you want it to say? – Maarten Bodewes Feb 28 '19 at 21:28
  • How about now? That is all there is to it. – Madrice Guy Feb 28 '19 at 21:35
  • It could well be that the XML encryption itself did not go through the FIPS validation. Note that the .NET framework uses a provider based architecture. The XML encryption part may well be seen as a *high level* crypto provider. It could, in other words, possibly show this exception even if the underlying algorithms (such as AES or 3 key triple DES) **are** FIPS compliant. Unfortunately I don't know if the above is true or what other options there are. – Maarten Bodewes Feb 28 '19 at 22:07
  • Note that the XML examples of Microsoft for the constructor contain some methods of replacing the key used. You should be able to set an AES / Rijndael session key for RSA based encryption (assuming your certificate contains an RSA key). XML enc is a *container format* used to encrypt data; it uses different kinds of algorithms underneath. – Maarten Bodewes Feb 28 '19 at 22:22
  • The RijndaelManaged is not FIPS either. Can you post some links of replacing the key or any other examples you know of? – Madrice Guy Mar 01 '19 at 16:41
  • RijndaelManaged provides an implementation of AES. The AES *algorithm* is FIPS compliant. If you're trying to create an implementation that can be *certified* as a FIPS compliant solution then you need professional support. If you are required to use certified FIPS implementations then you should search for them, basically turning this question into a reference request. I'd go back to the person that gave you the assignment and ask for clarification - unless you already know exactly what is required. – Maarten Bodewes Mar 01 '19 at 23:09

0 Answers
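
The session-key replacement suggested in the comments, written out as an added example (it is not part of the original thread and not Microsoft's sample code): the element is encrypted with an explicitly supplied AES key from `AesCryptoServiceProvider`, which wraps the Windows CAPI implementation instead of the managed `RijndaelManaged` class. It assumes the exception comes from a managed session key created inside `Encrypt(XmlElement, X509Certificate2)`, that the certificate holds an RSA key, and .NET Framework 4.6 or later; `FipsXmlEncryption` and `EncryptElement` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class FipsXmlEncryption   // hypothetical helper, not a framework type
{
    // Replaces elementToEncrypt in its document with an <EncryptedData> element
    // that the holder of cert's private key can decrypt.
    public static void EncryptElement(XmlElement elementToEncrypt, X509Certificate2 cert)
    {
        // Assumption from the comments: the certificate carries an RSA key.
        using (RSA rsa = cert.GetRSAPublicKey())
        // CAPI-backed AES; the managed classes are the ones rejected under the FIPS policy.
        using (Aes sessionKey = new AesCryptoServiceProvider())
        {
            if (rsa == null)
                throw new NotSupportedException("Certificate does not contain an RSA public key.");

            sessionKey.KeySize = 256;   // a random key is generated on first access of .Key

            // Encrypt the element with the session key we control.
            var eXml = new EncryptedXml();
            byte[] cipherText = eXml.EncryptData(elementToEncrypt, sessionKey, false);

            // Wrap the session key with the certificate's RSA public key.
            // The useOAEP flag must match the EncryptionMethod URL declared here.
            var encryptedKey = new EncryptedKey
            {
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl),
                CipherData = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, rsa, true))
            };
            encryptedKey.KeyInfo.AddClause(new KeyInfoX509Data(cert));

            // Assemble the XML Encryption container around the ciphertext.
            var encryptedData = new EncryptedData
            {
                Type = EncryptedXml.XmlEncElementUrl,
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),
                CipherData = new CipherData(cipherText)
            };
            encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

            EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);
        }
    }
}
```

Avoiding the exception this way says nothing about whether the resulting solution counts as certified; that still depends on the validated modules of the Windows build in use, as the last comment points out.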