Can you tell me if resulting installers created with Advanced Installer (as opposed to building it on a dev workstation) are NIST FIPS 140-2 compliant? In short this means that if any encryption takes place, it uses only NIST FIPS compliant cryptographic modules. For Microsoft .Net, classes that are FIPS compliant will end with "Cng" or "CryptoServiceProvider" and *not* include the word "Managed" - see also http://technet.microsoft.com/en-us/libr ... 57.aspx#e1. Others are listed at http://csrc.nist.gov/groups/STM/cmvp/do ... al-all.htm.
So if the FIPSAlgorithmPolicy security policy (see http://support.microsoft.com/kb/811833) is enabled on a machine, will the installation work?
Suggested Articles
-
GabrielBarbu
- Posts: 2146
- Joined: Thu Jul 09, 2009 11:24 am
- Contact: Website
Re: Are resulting installers FIPS Encryption Compliant?
Hello,
There are some encryption algorithms provided only for convenience which are custom:
- predefined fix set of serials
- algorithm verified serials
These are used for serial validation and can be configured from Serial Validation page.
However the recommended way is to use your own validation method. For better protection the validation should be done by the application itself (using licensing feature), instead of the MSI package.
Any other encryption that may be used throughout the installation is using the CryptoAPI.
Regards,
Gabriel
There are some encryption algorithms provided only for convenience which are custom:
- predefined fix set of serials
- algorithm verified serials
These are used for serial validation and can be configured from Serial Validation page.
However the recommended way is to use your own validation method. For better protection the validation should be done by the application itself (using licensing feature), instead of the MSI package.
Any other encryption that may be used throughout the installation is using the CryptoAPI.
Regards,
Gabriel