ASP.NET 2.0 RijndaelManaged的加密算法与FIPS [英] ASP.NET 2.0 RijndaelManaged encryption algorithm vs. FIPS
问题描述
我遇到的问题与ASP.NET 2.0应用程序。我们的网络乡亲刚刚调升我们的安全,现在我得到的floowing错误,每当我尝试访问该应用程序:
I'm running into an issue with an ASP.NET 2.0 application. Our network folks just upped our security, and now I get the floowing error whenever I try to access the app:
此实现不验证的加密算法的Windows平台FIPS的一部分。
"This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
我已经做了一些研究,这听起来像ASP.NET使用RijndaelManaged的AES加密算法的加密ViewState的页面...和RijndaelManaged的是那些不符合FIPS的算法就行了。我们当然不显式调用的任何的加密算法......不符合要求的名单上的任何东西要少得多。
I've done a little research, and it sounds like ASP.NET uses the RijndaelManaged AES encryption algorithm to encrypt the ViewState of pages... and RijndaelManaged is on the list of algorithms that aren't FIPS compliant. We're certainly not explicitly calling any encryption algorithm... much less anything on the non-compliant list.
本的ViewState业务对我来说很有意义,我猜。我不能糊里糊涂出来的东西,虽然是做什么了。我发现,建议使用一个web.config设置指定不同的算法 KB文章 ...但要么没有坚持,或者说算法是不及格,无论是。
This ViewState business makes sense to me, I guess. The thing I can't muddle out, though, is what to do about it. I've found a KB article that suggests using a web.config setting to specify a different algorithm... but either that didn't stick, or that algorithm isn't up to snuff, either.
所以:
1)是RijndaelManaged的/ ViewState的东西其实问题?还是我找错了树?
1) Is the RijndaelManaged / ViewState thing actually the problem? Or am I barking up the wrong tree?
2)如何我指定要改为使用哪种算法RijndaelManaged的呢?我得的是和不兼容的算法列表;我只是不知道在哪里插上的信息
2) How to I specify what algorithm to use instead of RijndaelManaged? I've got a list of algorithms that are and aren't compliant; I'm just not sure where to plug that information in.
谢谢!
理查德
推荐答案
仔细检查你没有<编译调试=真/> 中你的web.config。当调试编译设置,.NET使用MD5哈希一些内部簿记。所以你得到这个错误MD5不符合FIPS。
Double check that you don't have <compilation debug="true" /> in your Web.config. When debug compilation is set, .NET uses an MD5 hash for some internal bookkeeping. MD5 is not FIPS compliant so you get this error.
这篇关于ASP.NET 2.0 RijndaelManaged的加密算法与FIPS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
