是否有一个键控SHA256散列算法是FIPS兼容的。NET?
我创建使用HMACSHA256用下面的代码键控SHA256哈希值:
I am creating a keyed SHA256 hash using HMACSHA256 with the following code:
HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey);
byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(data));
string hashResult = string.Empty;
for (int i = 0; i < hash.Length; i++)
{
hashResult += hash[i].ToString("x2"); // hex format
}
这是工作得很好,但是,它在使环境中的FIPS失败,因为HMACSHA256采用了底层SHA256Managed实现,它是本身不符合FIPS。
This is working just fine, however, it fails in a FIPS enabled environment because HMACSHA256 uses an underlying SHA256Managed implementation which is itself not FIPS compliant.
通过MSDN文档搜索我发现KeyedHashAlgorithm的唯一SHA256实现HMACSHA256。
Searching through MSDN documentation I find that the only SHA256 implementation of KeyedHashAlgorithm is HMACSHA256.
我需要签署Web服务请求,键控SHA256哈希(所以我不能改变散列式),我必须能够在启用环境FIPS运行。
I am required to sign web service requests with a keyed SHA256 hash (so I can't change the hash type), and I must be able to run in a FIPS enabled environment.
谷歌搜索显示,SHA256CryptoServiceProvider和SHA256Cng都是符合FIPS的方法来创建SHA256哈希,但也似乎支持键控散列的创建。
Googling shows that both SHA256CryptoServiceProvider and SHA256Cng are FIPS compliant ways to create SHA256 hashes, but neither seem to support the creation of keyed hashes.
没有,没有。 这里是那些名单是(向下滚动到 FIPS.sys算法部分)
No, there is not. Here is a list of ones that are (scroll down to FIPS.sys Algorithms section).
一个工作围绕我用诠释他过去的here ,但我不知道是否会为Web服务工作。 这解决方案可以工作。
A work around I've used int he past is here, but I'm not sure if that will work for web services. This solution could work.