System cryptography: Use FIPS compliant cryptographic algorithms, including encryption, hashing and signing algorithms

Similar Messages

• This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms

  Hi Guys,
  I am just going to jump right into it.
  We are using Kaseya for our IT management and with this we have the acronis backup system.
  On one of the servers (Main DC) we are getting the error below.
  The Server runs Windows Server 2008 R2 Standard.
  Backup failed - Backup process could not start because of the following error: This implementation is not part of the Windows Platform FIPS validated cryptographic
  algorithms. at System.Security.Cryptography.SHA256Managed..ctor() at SHAHashing.SHAHashing.CalculateSHA256(String text) at SHAHashing.SHAHashing.HashAndUnmask(String encryptedText, String keyMaskString) at KaseyaBackupCmd.KaseyaBackupCmd.GetUnmaskedPassword(String
  user, String coverPass, VSAEncryptionAlgorithm encryptionType) at KaseyaBackupCmd.KaseyaBackupCmd.DetermineNetworkPasswordToUse(String user, String coverPass, VSAEncryptionAlgorithm encryptionType, String acronisEncryptPath, String kaseyaTempDirectory, String&
  passwordToUse, NetworkPasswordType& passwordType) at KaseyaBackupCmd.KaseyaBackupCmd.RunVolumeBackup() at KaseyaBackupCmd.Program.Run(String[] args)
  We have no Idea how to fix this.  We looked at multiple articles regarding changing the registry and the web.config file etc. but we cannot seem to resolve it.
  Regards

  On Thu, 26 Jun 2014 07:39:56 +0000, Johan Eckart Yzelle wrote:
  I checked the GPO and System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing is disabled however MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy is set to 1.
  How do i change the registry under windows settings > security settings > local policies > security options?
  Enable it, run gpupdate /force, confirm that the value is still 1, disable
  it, run gpupdate /force and then confirm that it is now set to 0.
  Paul Adare - FIM CM MVP
  Being a social outcast helps you stay concentrated on the really important
  things, like thinking and hacking. -- Eric Raymond

• Windows Platform FIPS validated cryptographic algorithm

  I have a fairly simple Script Transformation that is now causing us an issue.  We've upgraded to SQL Server 2012 SP2 on our development servers.   When the package runs, we receive the following coming from the script transformation.
  Error: 2014-08-18 16:18:51.40
  Code: 0xC0047062
  Source: DFT InvTrans Facts SCRXFM Derive something [551]
  Description: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
  at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
  --- End of inner exception stack trace ---
  at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
  at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
  at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
  at System.Security.Cryptography.MD5.Create(String algName)
  at Microsoft.SqlServer.Dts.Pipeline.ScriptComponentHost.GetMetadataChecksum()
  at Microsoft.SqlServer.Dts.Pipeline.ScriptComponentHost.Validate()
  at Microsoft.SqlServer.Dts.Pipeline.ManagedComponentHost.HostValidate(IDTSManagedComponentWrapper100 wrapper)
  End Error
  Of course, it works fine from my workstation because I don't have FIPS turned on. I don't see anything in the stack trace that points to any of my code. It appears to be initializing the component.
  I've seen a few posts in the forums, but they don't seem to fit this exact situation.
  Has anyone seen anything like this?

  Check
  here. Also check what is the workaround.
  SSIS Tasks Components Scripts Services | http://www.cozyroc.com/
  While I realize that this is outside the scope of this forum, I have written a powershell filter to implement the referenced workaround 
  get-childitem -path:d_rawdtsx -filter *.dtsx | MetadataCheckSum-Filter | Copy-Item -Destination .\d_cleandtsx
  If anyone is interested in this script please let me know.

• Have an i pad mini and have started an online course. Documents sent via Dropbox and need to know best app to buy to enable me to use documents offline. Documents include zip files and powerpoint. cheers

  i have an ipad mini and have started online course.documents sent to Dropbox. Mixture of word documents, zip files and powerpoint. Need to be able to use documents offline. any suggestions on suitable app that would enable me to transfer documents and work with them off line?

  Depends on what you mean by "work with them offline". If you mean store the documents so you can access them if not connected to the internet, you already have it: DropBox.you can download files from the cloud an use them offline. You will need an app to handle the zip files: I use File Manager, but there are others. File Manager also intergrates with dropbox, Google Drive, and iCloud. If you only need to read them, these apps will take care of that for you.
  As for editing, there are a few options. All have their limitations.
  Some possible apps to look at:
  Pages, Numbers (Apple)
  Document (by Savy soda)
  document 2 go
  Quickoffice
  CloudOn
  Smart Office
  Make sure to read botht he descriptions and the reveiws carefully

• FIPS Compliant Libaries

  Does anyone know when or why Apple does not have FIPS 140-1 and 140-2 approved modules and or algorithms inherent in the OSX framework? The proof that they do not exist is here:
  http://www.csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html
  http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2009.htm
  The sad thing is even Microsoft is listed for their .NET APIs of having certified cryptographic libraries much how Linux relies on OpenSSL libraries. I will go on to further say that one of the reasons why the IPhone is not adopted into the federal and business workspace is this primary reason because RIM's OS and Microsoft's Pocket PC and CE versions have Certified solutions available.
  What gives?

  Thanks a lot for the reference and timely response!
  Do you know of any IPhone apps that have been certified or better yet in the process of being certified. The apps I found such as eWallet, msecure, Keeper, etc. all say they are using FIPS compliant algorithms but non of their implementations within their app i.e. modules, have been certified either.

• Qosmio X300 - This system cannot use Toshiba Accessibility

  I've succeeded to install all Qosmio X300 drivers on Windows 7 64-bit. Everything's working fine exept this one: "Toshiba Accessibility". When I click on an "Access" key I receive this error message:
  "This system cannot use Toshiba Accessibility"
  Why do I receive this and what is this function?

  Yes, I have installed Toshiba Value Added Package and reinstalled it different times. Furthermore if this Pachage wouldn't be installed, there would no be any "FN Access" key to click on!
  Just when I click this button I receive this strange message! I'm running Windows 7 64-bit. Even FN key itself stopped working. Won't show it's FN functions on display.
  Even after reinstallation of Value Added Package I receive the error message and FN doesn't work!
  Did someone encounter this kind of problem? I don't know what's going on, how to solve this?

• Help needed on using hardware tokens / Smart Cards for encryption

  I need help in filling the following gap in my understanding
  I know about
  1. Using keys in Java keystores to encrypt/decrypt data (Signing, symmetric encryption)
  2. Using Keytool to export a digital certificate to a keystore.
  I need help in knowing
  1. How the certificate stored in secret device is shared with java key stores. Do I need to use some special library.
  2. Is the process of encrypting Secret Key bytes defferent from wrapping the key?
  Specifically, I want to use iKey (USB based security hardware token) in my system, which says that it supports
  �� The PKCS#11 standard library
  �� The MSCAPI and CSP standard libraries
  �� Using automatic certificate registration

  > We have a current Server with 4 x 4 cores, 64 GB RAM, 6TB HDD, Windows 2K8 R2 and SQL Server 2K8 R2. On this server we have installed 6 SAP Servers(both ABAP and JAVA based). We want to install two more SAP servers on this machine but planning to use the Hyper-V Mode to ensure that there is no conflict. With this background here are my queries.
  You should not run SAP instances on the server with the hypervisor (the OS running on the metal). If you want to virtualize, then do it for all instances.
  Read
  Note 1246467 - Hyper-V Configuration Guideline
  Note 1570141 - Key Figures of Virtualization on Hyper-V
  > u2022             Is it possible to take a Image of existing installation (6 SAP Servers and SQL Server) that we have done?
  If they are running on the same OS you will always take images of everything.
  > I think this was possible in VMWare.
  So those 6 servers are virtualized already??
  > The issue I foresee is that in this image the servers are using Machine Name as host. In the Hyper V mode the host name will change. So how will this work?
  The safest way is to do a homogeneous system copy.
  > u2022             Can I run the normal windows mode along with Hyper V. Basically we want to keep our 6 SAP servers running and for the two new servers create two hyper V instances and allocate 2 cores and 4GB RAM each. Is this possible? Or as per Microsoft on the root we should not run any server?
  According to
  Note 1246467 - Hyper-V Configuration Guideline
  this should not be done.
  Markus

• HT4859 Why is not sound recordings included in the back up system, I use them on daily basis?

  Why is not sound recordings included in the back up system, I use them on daily basis?

  HP Backup backs up many folders that are useless, most of your personal files should be in a folder with your old user name in the "Users" folder. This Backup app is also known to be a pain.
  As for why you got the error, which sounds like all files were not extracted, that could be a faulty DVD, something caused a bad write to DVD,etc.
  If you don't see a 'Users' folder, I would probably start by deleting the folder created on Desktop and make a new one either on desktop or in My Documents. Next copy files from each DVD to that new folder. From the folder try running the .EXE file again to see if any better results.
  One other suggestion-go into Control Panel, Folder Options and check to be sure 'Hidden files' are shown.
  If all else fails, install 7Zip and try it to extract the .WIM files.
  ******Clicking the Thumbs-Up button is a way to say -Thanks!.******
  **Click Accept as Solution on a Reply that solves your issue to help others**

• FIPS-compliant SSL as client in XI 7.0

  Hello experts,
  I am configuring an RFC destination in SM59 to send data to an external system via HTTPS.
  The partner requires FIPS 140 compliant cryptography (which means TLSv1 cipher suites) - or else they deny the SSL request.  Everything I have seen thus far shows SSLv3 as the highest encryption level supported in this scenario.
  Wondering if anyone out there has encountered something similar, and if TLSv1 is supported at all in this sort of integration scenario.
  FYI - SAP XI 7.0 SPS 16,  SAPCRYPTOLIB =  5.5.5.C pl22

  Hi
  Unfortunately, the SAP Cryptographic Module is not FIPS compliant and at the moment there are no immediate plans to make it FIPS compliant.
  If you have any further queries regarding this issue you can contact the SAP Security team directly via the email: security at sap.com.                                                       
  Regards
  Mark

• FIPS. Can you configure a FIPS compliant ASA to reject any non-FIPS Anyconnect connections

  Hi guy's, is there any way to automagically refuse any Anyconnect connections to a FIPS compliant ASA if the Anyconnect client is non-FIPS compliant?
  Any help, thoughts or ideas are greatly appreciated as I can't seem to find anything to suggest you can.   
  Kind regards
  Paul.

  You enable FIPS compliance for the core AnyConnect Security Mobility  Client in the local policy file on the user computer. This file is an  XML file containing security settings, and is not deployed by the ASA.  The file must be installed manually or deployed to a user computer using  an enterprise software deployment system. You must purchase a FIPS  license for the ASA the client connects to.
  AnyConnect Local Policy parameters reside in the XML file AnyConnectLocalPolicy.xml.  This file is not deployed by the ASA. You must deploy this file using  corporate software deployment systems or change the file manually on a  user computer.
  You can get more information from following link:-
  http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect24/release/notes/anyconnect24rn.html#wp1028083
  HTH!!
  Regards,
  Naresh

• Does SunJDK support fips compliant?

  I could see IBM JCE has FIPS compliant. Can we have samething for SUN. I would appreciate if I get the ans as early as possible.
  We are in process of ceritifying fips compliant.
  Thanks in advance!
  Regards,
  Tamil.

  Thanks a lot!! for your quick reponse.
  Here is the snippet .....
  public class HashKey {
  public static SecretKey generateSHA1Key() {
  SecretKey skey = null;
  try {
  KeyGenerator keyGen = KeyGenerator.getInstance("HmacSHA1");
  skey = keyGen.generateKey();
  catch (NoSuchAlgorithmException ex) {
  System.out.println(ex);
  return skey;
  public static void main(String[] args) {
  // check args and get plaintext
  //args[1] = "/work2/tamil/test";
  if (args.length !=1) {
  System.err.println
  ("Usage: java HmacSHA1KeyGenerator filename");
  System.exit(1);
  writeKeyToFile("hmacsha1key",generateSHA1Key());
  public static void writeKeyToFile(String fname , SecretKey key)
  try {
  File f = new File(fname);
  FileOutputStream fout = new FileOutputStream(f);
  fout.write(key.getEncoded());
  fout.close();
  System.out.println("key written successfully to: " + f.getAbsolutePath());
  catch (IOException ex) {
  System.out.println(ex);
  works find If use SunJCE or IBMJCE getting an exception, when I try to use
  security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.jsse.IBMJSSEProvider
  security.provider.4=com.ibm.security.cert.IBMCertPath
  security.provider.5=com.ibm.crypto.pkcs11.provider.IBMPKCS11
  security.provider.6=com.ibm.security.jgss.IBMJGSSProvider
  this configuration with IBM JCE ... inside our driver also we are trying to use the same kind of snippet.

• I have a WD 2 tb hard drive that I want to use to back up my Mac Pro quad core.  How do I create a back up startup disk?  Also, when I used Time macine, it only backed up users and not the system or library folders.  Ideas?

  I have a WD 2 tb hard drive that I want to use to back up my Mac Pro quad core.  How do I create a back up startup disk?  Also, when I used Time macine, it only backed up users and not the system or library folders.  Ideas?

  Welcome to Apple Support Communities
  Time Machine should be enough to make a backup of your files. Also, it should back up all folders, so open System Preferences > Time Machine > Options, and make sure that there are no folders included in the excluded items list.
  If you want to create a bootable clone of your hard drive, you need to use an app like Carbon Copy Cloner or the Disk Utility's Restore feature > http://pondini.org/OSX/DU7.html

• I want to add your local cryptographic algorithms to firefox. What I must modify except NSS?

  I want to add some local cryptographic algorithms to Firefox. I know, that I must modify NSS. I can, for example, modify only NSS and use this libraries in browser, or I must do something else with Firefox?

  Duplicate: https://support.mozilla.org/en-US/questions/1013323
  I will lock this thread.

• I cant seem to find any of the previous fx textures that i used to have before. Including the nature ones such as water, wall and moon textures.

  I cant seem to find any of the previous fx textures that i used to have before. Including the nature ones such as water, wall and moon textures.

  Please give us some more information: Photoshop version and OS version (First two lines of Help > System Info).
  Did these textures come with your install or are they from a third party?
  How did you access them before? Usually Textures are Presets you load into your Patterns dialog. If you install a new version of Photoshop or Reset Photoshop, you have to go into the Patterns Panel menu and reload them.

• How to read system evenlog using java program in windows

  How to read system evenlog using java program in windows???
  is there any java class available to do this ? or any one having sample code for this?
  Your friend Zoe

  Welcome to the Sun forums.
  >
  How to read system evenlog using java program in windows???>
  JNI. (No.)
  >
  is there any java class available to do this ? or any one having sample code for this?>You will generally get better help around here if you read the documentation, try some sample code and come back with a specific question (hopefully with an SSCCE included).
  >
  Your friend Zoe>(raised eyebrow) Thank you for sharing that with us.
  Note also that one '?' denotes a question, while 2 or more generally denotes a dweeb.