是否有一个键控SHA256散列算法是FIPS兼容的。NET？ [英] Is there a keyed SHA256 hash algorithm that is FIPS compliant for .NET?

问题描述

我创建使用HMACSHA256用下面的代码键控SHA256哈希值：

I am creating a keyed SHA256 hash using HMACSHA256 with the following code:

HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey);
byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(data));

string hashResult = string.Empty;
for (int i = 0; i < hash.Length; i++)
{
    hashResult += hash[i].ToString("x2"); // hex format
}

这是工作得很好，但是，它在使环境中的FIPS失败，因为HMACSHA256采用了底层SHA256Managed实现，它是本身不符合FIPS。

This is working just fine, however, it fails in a FIPS enabled environment because HMACSHA256 uses an underlying SHA256Managed implementation which is itself not FIPS compliant.

通过MSDN文档搜索我发现KeyedHashAlgorithm的唯一SHA256实现HMACSHA256。

Searching through MSDN documentation I find that the only SHA256 implementation of KeyedHashAlgorithm is HMACSHA256.

我需要签署Web服务请求，键控SHA256哈希（所以我不能改变散列式），我必须能够在启用环境FIPS运行。

I am required to sign web service requests with a keyed SHA256 hash (so I can't change the hash type), and I must be able to run in a FIPS enabled environment.

谷歌搜索显示，SHA256CryptoServiceProvider和SHA256Cng都是符合FIPS的方法来创建SHA256哈希，但也似乎支持键控散列的创建。

Googling shows that both SHA256CryptoServiceProvider and SHA256Cng are FIPS compliant ways to create SHA256 hashes, but neither seem to support the creation of keyed hashes.

推荐答案

没有，没有。 这里是那些名单是（向下滚动到<$ C 。$ C> FIPS.sys算法部分）

No, there is not. Here is a list of ones that are (scroll down to FIPS.sys Algorithms section).

一个工作围绕我用诠释他过去的here ，但我不知道是否会为Web服务工作。 这解决方案可以工作。

A work around I've used int he past is here, but I'm not sure if that will work for web services. This solution could work.

这篇关于是否有一个键控SHA256散列算法是FIPS兼容的。NET？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！