Try it with a standalone aplication to get the stack trace. In my machine
applications run until they find non compliant code and then throw an
exception. I'm sure there's nothing in the code that can trigger a FIPS error.
Just a remark, FIPS errors only show up if running algorithms in the
System.Security.Cryptography namespace. It can't guess if other algorithms are
running with some other code as in the bouncycastle library.
Paulo
________________________________
From: Paul Blecha [mailto:pjble...@hotmail.com]
Sent: Monday, November 07, 2011 5:40 PM
To: itext-questions@lists.sourceforge.net
Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
When debugging in VS2010, it builds successfully; but when the default.aspx
page attempts to load, that's when I get the previously mentioned error.
I read elsewhere that the application will not run if the compiler detects
non-compliant algorithms; so even though the app will compile and the debugger
will start, the application will never do anything but crash and burn at the
beginning. It's not simply a matter of step-debugging until it hits a
non-compliant algorithm call.
________________________________
From: psoa...@glintt.com
To: itext-questions@lists.sourceforge.net
Date: Mon, 7 Nov 2011 15:53:33 +0000
Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
Where exactly does it break? What's the stack trace? I have it running with the
flag turned on without any problems. Besides, no algorithms from
System.Security.Cryptography are ever called.
Paulo
________________________________
From: Paul Blecha [mailto:pjble...@hotmail.com]
Sent: Monday, November 07, 2011 2:44 PM
To: itext-questions@lists.sourceforge.net
Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
In my previous version of iTextSharp, I changed out all references of MD5 to
use SHA-256. Under that scenario, when I turned on the FIPS flag, my
application worked fine. The issue that prevented me moving forward at that
point was, PDFs that were being generated required a password to open, even
when I was passing a null value to the SetEncryption() method for the password.
And, since the password wasn't being set, the PDF was essentially useless.
At that point, I did research and upgraded to 5.1.2. After implementing 5.1.2
as part of my solution, I turned the FIPS flag on; and received the usual "This
implementation is not part of the Windows Platform FIPS validated cryptographic
algorithms." response.
Since the rest of my code worked prior to the implementation of 5.1.2, I know
it is not a problem with my code; the problem is that 5.1.2 cannot be FIPS
compliant. Since these are government machines, I will eventually be required
to have the FIPS flag set to true. So, unfortunately, in this instance, your
statement is untrue.
If I replace all references to MD5 with SHA-256, how can I prevent the PDF from
requiring a password to open it? Or, do you have other alternatives available?
Paul
________________________________
From: psoa...@glintt.com
To: itext-questions@lists.sourceforge.net
Date: Mon, 7 Nov 2011 10:51:12 +0000
Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
iTextSharp is FIPS compliant. The MD5 need by the PDF is generated with the
bouncycastle library and won't be affected by the compliance flag turned on.
Paulo
________________________________
From: Paul Blecha [mailto:pjble...@hotmail.com]
Sent: Friday, November 04, 2011 3:21 PM
To: itext-questions@lists.sourceforge.net
Subject: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
I'm a govt contractor on a web application project, and:
* I recently upgraded to a utilization of version 5.1.2, since I had read
that at least version 5 was required for FIPS compliance.
* I have noted that there are other algorithms in the code besides those
that are FIPS compliant.
* I just saw a post from Paulo on another forum site indicating that MD5 was
required for PDF generation.
* My server environment will eventually, probably within six months, require
the "Enable FIPS compliance" flag to be turned ON.
* When the FIPS flag is on, ANY code that references non-compliant
encryption algorithms will break, EVEN IF those references are not utilized or
called from my application.
So, has anyone created a port of the latest iTextSharp that really IS FIPS
compliant? Or at the very least, has anyone determined how to make the
existing code really WORK with the FIPS compliance flag being turned to "on"?
I'm assuming that if I just comment out the references to non-compliant
algorithms, it should work; but is Paulo's statement about MD5 being required
still true? Do I need to consider a different PDF creation solution?
Thanks for your help in advance.
Paul
------------------------------------------------------------------------------
RSA(R) Conference 2012 Save $700 by Nov 18 Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________ iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a
registered trademark of 1T3XT BVBA. Many questions posted to this list can (and
will) be answered with a reference to the iText book:
http://www.itextpdf.com/book/ Please check the keywords list before you ask for
examples: http://itextpdf.com/themes/keywords.php
------------------------------------------------------------------------------
RSA(R) Conference 2012 Save $700 by Nov 18 Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________ iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a
registered trademark of 1T3XT BVBA. Many questions posted to this list can (and
will) be answered with a reference to the iText book:
http://www.itextpdf.com/book/ Please check the keywords list before you ask for
examples: http://itextpdf.com/themes/keywords.php
------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
