Rijndael Encryption Compliance

Answers

  • Microsoft .NET Framework applications such as Microsoft ASP.NET only allow for using algorithm implementations that are certified by NIST to be FIPS 140 compliant. Specifically, the only cryptographic algorithm classes that can be instantiated are those that implement FIPS-compliant algorithms. The names of these classes end in "CryptoServiceProvider" or "Cng". Any attempt to create an instance of other cryptographic algorithm classes, such as classes with names ending in "Managed", causes an InvalidOperationException exception to occur. Additionally, any attempt to create an instance of a cryptographic algorithm that is not FIPS compliant, such as MD5, also causes an InvalidOperationException exception.
  • Marked as answer by Zhi-Xin Ye Tuesday, December 16, 2008 4:11 AM
Tuesday, December 9, 2008 9:20 PM
  • Do you mean the Rijndael algorithm in general? Or the .NET implementation?

    If you mean the .NET implementation, then it depends on a number of factors.
    The RijndaelManaged class is not FIPS certified at all.

    The AesCryptoServiceProvider class (which uses the Rijndael algorithm for block encryption) uses the Windows Cryptographic Service Provider API. This class is mostly just a .NET shell that passes the data on to one of various Windows DLLs written in C/C++ to do the actual encryption. So *IF* you are running the code on Windows Server 2003 SP1, then it is FIPS 140-2 certified because the MS Enhanced Security Crypto Service Provider DLL on Server 2003 SP1 is FIPS 140-2 certified for AES. Also, Windows might have to be in "FIPS mode", though I can't recall exactly.


    -Rob Teixeira
    • Marked as answer by Zhi-Xin Ye Tuesday, December 16, 2008 4:11 AM
    Wednesday, December 10, 2008 1:39 AM
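
An added example, not part of either answer and not Microsoft's code: a small C# console program for .NET Framework that reports whether the FIPS-only policy is enforced, probes the class families named above for the InvalidOperationException the answers describe, and round-trips a constructed sample through AesCryptoServiceProvider. The class name FipsAesCheck and the helpers Probe and Transform are hypothetical names chosen for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class FipsAesCheck   // hypothetical name, for illustration only
{
    // Constructs an algorithm and reports whether the platform refused it.
    // Under the FIPS-only policy the answers above describe, a refused class
    // throws InvalidOperationException from its constructor.
    static void Probe(string name, Func<IDisposable> factory)
    {
        try
        {
            using (factory()) Console.WriteLine(name + ": available");
        }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine(name + ": blocked (" + ex.Message + ")");
        }
    }

    // Runs a whole buffer through an encryptor or decryptor and disposes it.
    static byte[] Transform(ICryptoTransform transform, byte[] data)
    {
        using (transform) return transform.TransformFinalBlock(data, 0, data.Length);
    }

    static void Main()
    {
        // True when the runtime enforces the FIPS-only algorithm policy.
        Console.WriteLine("FIPS-only policy: " + CryptoConfig.AllowOnlyFipsAlgorithms);

        Probe("RijndaelManaged", () => new RijndaelManaged());
        Probe("MD5CryptoServiceProvider", () => new MD5CryptoServiceProvider());
        Probe("AesCryptoServiceProvider", () => new AesCryptoServiceProvider());

        // AES through the Windows CSP; a random key and IV are generated on first use.
        const string sample = "constructed sample plaintext";
        using (var aes = new AesCryptoServiceProvider { KeySize = 256 })
        {
            byte[] plain = Encoding.UTF8.GetBytes(sample);
            byte[] cipher = Transform(aes.CreateEncryptor(), plain);
            byte[] back = Transform(aes.CreateDecryptor(), cipher);
            Console.WriteLine("Round trip ok: " + (Encoding.UTF8.GetString(back) == sample));
        }
    }
}
```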