NeatUpload and FIPS-compliant algorithms for encryption security

classic Classic list List threaded Threaded
4 messages Options
ad
Reply | Threaded
Open this post in threaded view
|

NeatUpload and FIPS-compliant algorithms for encryption security

ad
We are in the process of getting our web servers to use FIPS (Federal Information Processing Standard) compliant algorithms for encryption. However we are having problems with implementing this due to NeatUpload. The error message we get is:

"{"The type initializer for 'Brettle.Web.NeatUpload.Config' threw an exception."}|- {"Exception has been thrown by the target of an invocation."}|- {"This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."}".

And the stack trace:
</style>

[InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]

   System.Security.Cryptography.RijndaelManaged..ctor() +7704548

 

[TargetInvocationException: Exception has been thrown by the target of an invocation.]

   System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) +0

   System.RuntimeMethodHandle.InvokeConstructor(Object[] args, SignatureStruct signature, RuntimeTypeHandle declaringType) +15

   System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) +380

   System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args) +500

   System.Security.Cryptography.SymmetricAlgorithm.Create(String algName) +7

   System.Security.Cryptography.SymmetricAlgorithm.Create() +12

   Brettle.Web.NeatUpload.Config..cctor() +294

 

[TypeInitializationException: The type initializer for 'Brettle.Web.NeatUpload.Config' threw an exception.]

   Brettle.Web.NeatUpload.Config.get_Current() +0

   Brettle.Web.NeatUpload.UploadHttpModule.Application_BeginRequest(Object sender, EventArgs e) +145

   System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68

   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75



 The version of NeatUpload in use is 1.2.30 which I downloaded back in August (2008), and it includes the entire source code.
Reply | Threaded
Open this post in threaded view
|

Re: NeatUpload and FIPS-compliant algorithms for encryption security

Dean Brettle
Administrator
NeatUpload calls SymmetricAlgorithm.Create() with no parameters. I suspect that creates an instance of the system's default symmetric encryption algorithm. You might be able to configure that default in Windows somehow. If you can' figure it out let me know and I'll look into it when I have better web access.
ad
Reply | Threaded
Open this post in threaded view
|

Re: NeatUpload and FIPS-compliant algorithms for encryption security

ad
What we've done so far is add something like this to the web.config files of the other applications sitting on the same web server: <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="SHA1"/>.
However on looking at NeatUpload's source code, there is no .config file included. What there is is a Config.cs class file; I am unsure of how to add or modify it to have the the equivalent tag at compile time. That's where I need your help. At the moment I am researching the web for how to go about it but have not found a solution I understand yet.
Reply | Threaded
Open this post in threaded view
|

Re: NeatUpload and FIPS-compliant algorithms for encryption security

Dean Brettle
Administrator
Apparently, there is no way to configure the default algorithms used by .NET, so I've added to NeatUpload-1.3.4 (just released) support for changing the algorithms that NeatUpload uses.

Let me know if that works for you.

--Dean