Wednesday, August 4, 2010

ASP.NET: FIPS validated cryptographic algorithms


"Parser Error Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms." when a .NET page has debug="true"

Recently, I came across a FIPS (Federal Information Processing Standards) related error on .aspx pages that had debug="true".


Articles such as KB 911722 and a good blog post, "Enforcing FIPS Certified Cryptography", discuss the same error.

In Windows Server 2008, the FIPS related registry key is:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy] "Enabled"=dword:00000000

With the setting "Enabled"=dword:00000000, FIPS enforcement is disabled.

We checked the Local Security Policy setting on the server, at Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> "System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing", and it showed that it was disabled.

On Windows Server 2003, the registry key for FIPS is:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "fipsalgorithmpolicy"=dword:00000001


Resolution:

  1. To resolve the customer's problem, we removed "fipsalgorithmpolicy"=dword:00000001 from [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa].

OR

  1. Disable the FIPS policy in Web.Config: <enforceFIPSPolicy enabled="false"/>
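
To see which of these settings is actually in effect before changing any of them, the PowerShell function below reads both registry locations and one web.config in a single pass. It is an added example, not code from the original post: `Get-FipsState` and the sample path are hypothetical, and it assumes PowerShell 3.0 or later, that debug is set on `<compilation>` in web.config rather than in a page directive, and that `enforceFIPSPolicy` sits under `<runtime>`.

```powershell
# Added example. Get-FipsState and the sample path are hypothetical names.
function Get-FipsState {
    param([string]$WebConfigPath)

    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $state = [ordered]@{
        PolicyKeyEnabled  = $null   # Lsa\FipsAlgorithmPolicy "Enabled" (Server 2008)
        LegacyLsaValue    = $null   # Lsa "fipsalgorithmpolicy" (Server 2003)
        CompilationDebug  = $null   # <compilation debug="..."> in web.config
        EnforceFipsPolicy = $null   # <enforceFIPSPolicy enabled="..."> in web.config
    }

    # A missing key or value stays $null, which is not the same as 0 (disabled).
    $new = Get-ItemProperty -Path "$lsa\FipsAlgorithmPolicy" -Name Enabled -ErrorAction SilentlyContinue
    if ($new) { $state.PolicyKeyEnabled = $new.Enabled }

    $old = Get-ItemProperty -Path $lsa -Name fipsalgorithmpolicy -ErrorAction SilentlyContinue
    if ($old) { $state.LegacyLsaValue = $old.fipsalgorithmpolicy }

    if ($WebConfigPath -and (Test-Path -LiteralPath $WebConfigPath)) {
        # Property-style navigation ignores any xmlns on <configuration>.
        $cfg = [xml](Get-Content -LiteralPath $WebConfigPath)
        $state.CompilationDebug  = $cfg.configuration.'system.web'.compilation.debug
        $state.EnforceFipsPolicy = $cfg.configuration.runtime.enforceFIPSPolicy.enabled
    }

    # Enforcement is on if either registry location holds 1.
    $state.MachineFipsOn = ($state.PolicyKeyEnabled -eq 1) -or ($state.LegacyLsaValue -eq 1)
    # The combination described in this post: FIPS on, debug="true", no per-app opt-out.
    $state.LikelyParserError = $state.MachineFipsOn -and
        ($state.CompilationDebug -eq 'true') -and ($state.EnforceFipsPolicy -ne 'false')

    [pscustomobject]$state
}

# Sample path is constructed for illustration.
Get-FipsState -WebConfigPath 'C:\inetpub\wwwroot\web.config' | Format-List
```

A `$null` in either registry field means the key or value is absent on that machine, which helps tell a Server 2003 style setting apart from the Server 2008 one.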
