是否有一个键控SHA256散列算法是FIPS兼容的。NET? [英] Is there a keyed SHA256 hash algorithm that is FIPS compliant for .NET?
问题描述
我创建使用HMACSHA256用下面的代码键控SHA256哈希值:
I am creating a keyed SHA256 hash using HMACSHA256 with the following code:
HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey);
byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(data));
string hashResult = string.Empty;
for (int i = 0; i < hash.Length; i++)
{
hashResult += hash[i].ToString("x2"); // hex format
}
这是工作得很好,但是,它在使环境中的FIPS失败,因为HMACSHA256采用了底层SHA256Managed实现,它是本身不符合FIPS。
This is working just fine, however, it fails in a FIPS enabled environment because HMACSHA256 uses an underlying SHA256Managed implementation which is itself not FIPS compliant.
通过MSDN文档搜索我发现KeyedHashAlgorithm的唯一SHA256实现HMACSHA256。
Searching through MSDN documentation I find that the only SHA256 implementation of KeyedHashAlgorithm is HMACSHA256.
我需要签署Web服务请求,键控SHA256哈希(所以我不能改变散列式),我必须能够在启用环境FIPS运行。
I am required to sign web service requests with a keyed SHA256 hash (so I can't change the hash type), and I must be able to run in a FIPS enabled environment.
谷歌搜索显示,SHA256CryptoServiceProvider和SHA256Cng都是符合FIPS的方法来创建SHA256哈希,但也似乎支持键控散列的创建。
Googling shows that both SHA256CryptoServiceProvider and SHA256Cng are FIPS compliant ways to create SHA256 hashes, but neither seem to support the creation of keyed hashes.
推荐答案
没有,没有。 这里是那些名单是(向下滚动到<$ C 。$ C> FIPS.sys算法部分)
No, there is not. Here is a list of ones that are (scroll down to FIPS.sys Algorithms
section).
一个工作围绕我用诠释他过去的here ,但我不知道是否会为Web服务工作。 这解决方案可以工作。
A work around I've used int he past is here, but I'm not sure if that will work for web services. This solution could work.
这篇关于是否有一个键控SHA256散列算法是FIPS兼容的。NET?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!