Have to test a C# application from a client that is to work on a machine that has FIPS enabled
To use the group policy setting, open the Group Policy Editor, navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, and enable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing setting.
In Security Settings, expand Local Policies, and then click Security Options. Under Policy in the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing, and then click Disabled.
Navigate to “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\”. Look at the “Enabled” value in the right pane. If it's set to “0”, FIPS mode is disabled. If it's set to “1”, FIPS mode is enabled.
First, be aware of what actually happens when you enforce FIPS 140-2 compliant encryption within Windows. Details are at http://technet.microsoft.com/en-us/library/cc750357.aspx. However, the main 'gotcha' (old SSL websites don't work in IE anymore) is detailed in the article linked below.
The official instructions to enable FIPS 140-2 compliance are at http://support.microsoft.com/kb/811833, but can be summarised as follows:
If you wish to do this manually, you can also simply change the registry key HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled to 1
Finally, to repeat, it is very important that you read through the documentation before you enable this - it changes cryptography system wide, including how the file system (both EFS and BitLocker) and network (IE, Remote Desktop and the main cryptographic libraries) are allowed to encrypt, as well as whether you are allowed to recover lost encryption keys.
As an alternative, for Windows 7 users (with admin rights), this is one of the "Network Properties". Step by step:
Also, have in mind: