Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
iTextSharp is FIPS compliant. The MD5 need by the PDF is generated with the bouncycastle library and won't be affected by the compliance flag turned on. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Friday, November 04, 2011 3:21 PM To: itext-questions@lists.sourceforge.net Subject: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance I'm a govt contractor on a web application project, and: * I recently upgraded to a utilization of version 5.1.2, since I had read that at least version 5 was required for FIPS compliance. * I have noted that there are other algorithms in the code besides those that are FIPS compliant. * I just saw a post from Paulo on another forum site indicating that MD5 was required for PDF generation. * My server environment will eventually, probably within six months, require the Enable FIPS compliance flag to be turned ON. * When the FIPS flag is on, ANY code that references non-compliant encryption algorithms will break, EVEN IF those references are not utilized or called from my application. So, has anyone created a port of the latest iTextSharp that really IS FIPS compliant? Or at the very least, has anyone determined how to make the existing code really WORK with the FIPS compliance flag being turned to on? I'm assuming that if I just comment out the references to non-compliant algorithms, it should work; but is Paulo's statement about MD5 being required still true? Do I need to consider a different PDF creation solution? Thanks for your help in advance. Paul -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
In my previous version of iTextSharp, I changed out all references of MD5 to use SHA-256. Under that scenario, when I turned on the FIPS flag, my application worked fine. The issue that prevented me moving forward at that point was, PDFs that were being generated required a password to open, even when I was passing a null value to the SetEncryption() method for the password. And, since the password wasn't being set, the PDF was essentially useless. At that point, I did research and upgraded to 5.1.2. After implementing 5.1.2 as part of my solution, I turned the FIPS flag on; and received the usual This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. response. Since the rest of my code worked prior to the implementation of 5.1.2, I know it is not a problem with my code; the problem is that 5.1.2 cannot be FIPS compliant. Since these are government machines, I will eventually be required to have the FIPS flag set to true. So, unfortunately, in this instance, your statement is untrue. If I replace all references to MD5 with SHA-256, how can I prevent the PDF from requiring a password to open it? Or, do you have other alternatives available? Paul From: psoa...@glintt.com To: itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 10:51:12 + Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance iTextSharp is FIPS compliant. The MD5 need by the PDF is generated with the bouncycastle library and won't be affected by the compliance flag turned on. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Friday, November 04, 2011 3:21 PM To: itext-questions@lists.sourceforge.net Subject: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance I'm a govt contractor on a web application project, and: I recently upgraded to a utilization of version 5.1.2, since I had read that at least version 5 was required for FIPS compliance. I have noted that there are other algorithms in the code besides those that are FIPS compliant. I just saw a post from Paulo on another forum site indicating that MD5 was required for PDF generation. My server environment will eventually, probably within six months, require the Enable FIPS compliance flag to be turned ON. When the FIPS flag is on, ANY code that references non-compliant encryption algorithms will break, EVEN IF those references are not utilized or called from my application. So, has anyone created a port of the latest iTextSharp that really IS FIPS compliant? Or at the very least, has anyone determined how to make the existing code really WORK with the FIPS compliance flag being turned to on? I'm assuming that if I just comment out the references to non-compliant algorithms, it should work; but is Paulo's statement about MD5 being required still true? Do I need to consider a different PDF creation solution? Thanks for your help in advance. Paul -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
You can't just blanket replace MD5-SHA-256, since there are parts of PDF where you MUST use MD5 (and not doing so would create an invalid document). Instead, you would need to disable the specific parts of iText that require MD5 and for others that can accept alternative hash algorithms, use one. Additionally, you will need to be sure to disable the various password methods that use RC4 or other non-FIPS algorithms. Leonard From: Paul Blecha pjble...@hotmail.commailto:pjble...@hotmail.com Reply-To: Post here itext-questions@lists.sourceforge.netmailto:itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 06:43:40 -0800 To: Post here itext-questions@lists.sourceforge.netmailto:itext-questions@lists.sourceforge.net Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance In my previous version of iTextSharp, I changed out all references of MD5 to use SHA-256. Under that scenario, when I turned on the FIPS flag, my application worked fine. The issue that prevented me moving forward at that point was, PDFs that were being generated required a password to open, even when I was passing a null value to the SetEncryption() method for the password. And, since the password wasn't being set, the PDF was essentially useless. At that point, I did research and upgraded to 5.1.2. After implementing 5.1.2 as part of my solution, I turned the FIPS flag on; and received the usual This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. response. Since the rest of my code worked prior to the implementation of 5.1.2, I know it is not a problem with my code; the problem is that 5.1.2 cannot be FIPS compliant. Since these are government machines, I will eventually be required to have the FIPS flag set to true. So, unfortunately, in this instance, your statement is untrue. If I replace all references to MD5 with SHA-256, how can I prevent the PDF from requiring a password to open it? Or, do you have other alternatives available? Paul From: psoa...@glintt.commailto:psoa...@glintt.com To: itext-questions@lists.sourceforge.netmailto:itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 10:51:12 + Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance iTextSharp is FIPS compliant. The MD5 need by the PDF is generated with the bouncycastle library and won't be affected by the compliance flag turned on. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Friday, November 04, 2011 3:21 PM To: itext-questions@lists.sourceforge.netmailto:itext-questions@lists.sourceforge.net Subject: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance I'm a govt contractor on a web application project, and: * I recently upgraded to a utilization of version 5.1.2, since I had read that at least version 5 was required for FIPS compliance. * I have noted that there are other algorithms in the code besides those that are FIPS compliant. * I just saw a post from Paulo on another forum site indicating that MD5 was required for PDF generation. * My server environment will eventually, probably within six months, require the Enable FIPS compliance flag to be turned ON. * When the FIPS flag is on, ANY code that references non-compliant encryption algorithms will break, EVEN IF those references are not utilized or called from my application. So, has anyone created a port of the latest iTextSharp that really IS FIPS compliant? Or at the very least, has anyone determined how to make the existing code really WORK with the FIPS compliance flag being turned to on? I'm assuming that if I just comment out the references to non-compliant algorithms, it should work; but is Paulo's statement about MD5 being required still true? Do I need to consider a different PDF creation solution? Thanks for your help in advance. Paul -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ iText-questions mailing list iText-questions@lists.sourceforge.netmailto:iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R
Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
Where exactly does it break? What's the stack trace? I have it running with the flag turned on without any problems. Besides, no algorithms from System.Security.Cryptography are ever called. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Monday, November 07, 2011 2:44 PM To: itext-questions@lists.sourceforge.net Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance In my previous version of iTextSharp, I changed out all references of MD5 to use SHA-256. Under that scenario, when I turned on the FIPS flag, my application worked fine. The issue that prevented me moving forward at that point was, PDFs that were being generated required a password to open, even when I was passing a null value to the SetEncryption() method for the password. And, since the password wasn't being set, the PDF was essentially useless. At that point, I did research and upgraded to 5.1.2. After implementing 5.1.2 as part of my solution, I turned the FIPS flag on; and received the usual This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. response. Since the rest of my code worked prior to the implementation of 5.1.2, I know it is not a problem with my code; the problem is that 5.1.2 cannot be FIPS compliant. Since these are government machines, I will eventually be required to have the FIPS flag set to true. So, unfortunately, in this instance, your statement is untrue. If I replace all references to MD5 with SHA-256, how can I prevent the PDF from requiring a password to open it? Or, do you have other alternatives available? Paul From: psoa...@glintt.com To: itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 10:51:12 + Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance iTextSharp is FIPS compliant. The MD5 need by the PDF is generated with the bouncycastle library and won't be affected by the compliance flag turned on. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Friday, November 04, 2011 3:21 PM To: itext-questions@lists.sourceforge.net Subject: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance I'm a govt contractor on a web application project, and: * I recently upgraded to a utilization of version 5.1.2, since I had read that at least version 5 was required for FIPS compliance. * I have noted that there are other algorithms in the code besides those that are FIPS compliant. * I just saw a post from Paulo on another forum site indicating that MD5 was required for PDF generation. * My server environment will eventually, probably within six months, require the Enable FIPS compliance flag to be turned ON. * When the FIPS flag is on, ANY code that references non-compliant encryption algorithms will break, EVEN IF those references are not utilized or called from my application. So, has anyone created a port of the latest iTextSharp that really IS FIPS compliant? Or at the very least, has anyone determined how to make the existing code really WORK with the FIPS compliance flag being turned to on? I'm assuming that if I just comment out the references to non-compliant algorithms, it should work; but is Paulo's statement about MD5 being required still true? Do I need to consider a different PDF creation solution? Thanks for your help in advance. Paul -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
When debugging in VS2010, it builds successfully; but when the default.aspx page attempts to load, that's when I get the previously mentioned error. I read elsewhere that the application will not run if the compiler detects non-compliant algorithms; so even though the app will compile and the debugger will start, the application will never do anything but crash and burn at the beginning. It's not simply a matter of step-debugging until it hits a non-compliant algorithm call. From: psoa...@glintt.com To: itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 15:53:33 + Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance Where exactly does it break? What's the stack trace? I have it running with the flag turned on without any problems. Besides, no algorithms from System.Security.Cryptography are ever called. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Monday, November 07, 2011 2:44 PM To: itext-questions@lists.sourceforge.net Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance In my previous version of iTextSharp, I changed out all references of MD5 to use SHA-256. Under that scenario, when I turned on the FIPS flag, my application worked fine. The issue that prevented me moving forward at that point was, PDFs that were being generated required a password to open, even when I was passing a null value to the SetEncryption() method for the password. And, since the password wasn't being set, the PDF was essentially useless. At that point, I did research and upgraded to 5.1.2. After implementing 5.1.2 as part of my solution, I turned the FIPS flag on; and received the usual This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. response. Since the rest of my code worked prior to the implementation of 5.1.2, I know it is not a problem with my code; the problem is that 5.1.2 cannot be FIPS compliant. Since these are government machines, I will eventually be required to have the FIPS flag set to true. So, unfortunately, in this instance, your statement is untrue. If I replace all references to MD5 with SHA-256, how can I prevent the PDF from requiring a password to open it? Or, do you have other alternatives available? Paul From: psoa...@glintt.com To: itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 10:51:12 + Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance iTextSharp is FIPS compliant. The MD5 need by the PDF is generated with the bouncycastle library and won't be affected by the compliance flag turned on. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Friday, November 04, 2011 3:21 PM To: itext-questions@lists.sourceforge.net Subject: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance I'm a govt contractor on a web application project, and: I recently upgraded to a utilization of version 5.1.2, since I had read that at least version 5 was required for FIPS compliance. I have noted that there are other algorithms in the code besides those that are FIPS compliant. I just saw a post from Paulo on another forum site indicating that MD5 was required for PDF generation. My server environment will eventually, probably within six months, require the Enable FIPS compliance flag to be turned ON. When the FIPS flag is on, ANY code that references non-compliant encryption algorithms will break, EVEN IF those references are not utilized or called from my application. So, has anyone created a port of the latest iTextSharp that really IS FIPS compliant? Or at the very least, has anyone determined how to make the existing code really WORK with the FIPS compliance flag being turned to on? I'm assuming that if I just comment out the references to non-compliant algorithms, it should work; but is Paulo's statement about MD5 being required still true? Do I need to consider a different PDF creation solution? Thanks for your help in advance. Paul -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net
Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
So, is it possible that the issue I'm getting isn't because of the MD5 algorithm, but the RC4? I can try commenting that out and replacing it; but I don't know what would be the natural, and compliant, replacement algorithm for that. Elsewhere in the application, I am using managed TripleDES. From: lrose...@adobe.com To: itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 07:16:35 -0800 Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance You can't just blanket replace MD5-SHA-256, since there are parts of PDF where you MUST use MD5 (and not doing so would create an invalid document). Instead, you would need to disable the specific parts of iText that require MD5 and for others that can accept alternative hash algorithms, use one. Additionally, you will need to be sure to disable the various password methods that use RC4 or other non-FIPS algorithms. Leonard From: Paul Blecha pjble...@hotmail.com Reply-To: Post here itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 06:43:40 -0800 To: Post here itext-questions@lists.sourceforge.net Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance In my previous version of iTextSharp, I changed out all references of MD5 to use SHA-256. Under that scenario, when I turned on the FIPS flag, my application worked fine. The issue that prevented me moving forward at that point was, PDFs that were being generated required a password to open, even when I was passing a null value to the SetEncryption() method for the password. And, since the password wasn't being set, the PDF was essentially useless. At that point, I did research and upgraded to 5.1.2. After implementing 5.1.2 as part of my solution, I turned the FIPS flag on; and received the usual This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. response. Since the rest of my code worked prior to the implementation of 5.1.2, I know it is not a problem with my code; the problem is that 5.1.2 cannot be FIPS compliant. Since these are government machines, I will eventually be required to have the FIPS flag set to true. So, unfortunately, in this instance, your statement is untrue. If I replace all references to MD5 with SHA-256, how can I prevent the PDF from requiring a password to open it? Or, do you have other alternatives available? Paul From: psoa...@glintt.com To: itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 10:51:12 + Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance iTextSharp is FIPS compliant. The MD5 need by the PDF is generated with the bouncycastle library and won't be affected by the compliance flag turned on. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Friday, November 04, 2011 3:21 PM To: itext-questions@lists.sourceforge.net Subject: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance I'm a govt contractor on a web application project, and: I recently upgraded to a utilization of version 5.1.2, since I had read that at least version 5 was required for FIPS compliance. I have noted that there are other algorithms in the code besides those that are FIPS compliant. I just saw a post from Paulo on another forum site indicating that MD5 was required for PDF generation. My server environment will eventually, probably within six months, require the Enable FIPS compliance flag to be turned ON. When the FIPS flag is on, ANY code that references non-compliant encryption algorithms will break, EVEN IF those references are not utilized or called from my application. So, has anyone created a port of the latest iTextSharp that really IS FIPS compliant? Or at the very least, has anyone determined how to make the existing code really WORK with the FIPS compliance flag being turned to on? I'm assuming that if I just comment out the references to non-compliant algorithms, it should work; but is Paulo's statement about MD5 being required still true? Do I need to consider a different PDF creation solution? Thanks for your help in advance. Paul -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1
Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance
Try it with a standalone aplication to get the stack trace. In my machine applications run until they find non compliant code and then throw an exception. I'm sure there's nothing in the code that can trigger a FIPS error. Just a remark, FIPS errors only show up if running algorithms in the System.Security.Cryptography namespace. It can't guess if other algorithms are running with some other code as in the bouncycastle library. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Monday, November 07, 2011 5:40 PM To: itext-questions@lists.sourceforge.net Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance When debugging in VS2010, it builds successfully; but when the default.aspx page attempts to load, that's when I get the previously mentioned error. I read elsewhere that the application will not run if the compiler detects non-compliant algorithms; so even though the app will compile and the debugger will start, the application will never do anything but crash and burn at the beginning. It's not simply a matter of step-debugging until it hits a non-compliant algorithm call. From: psoa...@glintt.com To: itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 15:53:33 + Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance Where exactly does it break? What's the stack trace? I have it running with the flag turned on without any problems. Besides, no algorithms from System.Security.Cryptography are ever called. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Monday, November 07, 2011 2:44 PM To: itext-questions@lists.sourceforge.net Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance In my previous version of iTextSharp, I changed out all references of MD5 to use SHA-256. Under that scenario, when I turned on the FIPS flag, my application worked fine. The issue that prevented me moving forward at that point was, PDFs that were being generated required a password to open, even when I was passing a null value to the SetEncryption() method for the password. And, since the password wasn't being set, the PDF was essentially useless. At that point, I did research and upgraded to 5.1.2. After implementing 5.1.2 as part of my solution, I turned the FIPS flag on; and received the usual This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. response. Since the rest of my code worked prior to the implementation of 5.1.2, I know it is not a problem with my code; the problem is that 5.1.2 cannot be FIPS compliant. Since these are government machines, I will eventually be required to have the FIPS flag set to true. So, unfortunately, in this instance, your statement is untrue. If I replace all references to MD5 with SHA-256, how can I prevent the PDF from requiring a password to open it? Or, do you have other alternatives available? Paul From: psoa...@glintt.com To: itext-questions@lists.sourceforge.net Date: Mon, 7 Nov 2011 10:51:12 + Subject: Re: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance iTextSharp is FIPS compliant. The MD5 need by the PDF is generated with the bouncycastle library and won't be affected by the compliance flag turned on. Paulo From: Paul Blecha [mailto:pjble...@hotmail.com] Sent: Friday, November 04, 2011 3:21 PM To: itext-questions@lists.sourceforge.net Subject: [iText-questions] iTextSharp 5.1.2 and FIPS Compliance I'm a govt contractor on a web application project, and: * I recently upgraded to a utilization of version 5.1.2, since I had read that at least version 5 was required for FIPS compliance. * I have noted that there are other algorithms in the code besides those that are FIPS compliant. * I just saw a post from Paulo on another forum site indicating that MD5 was required for PDF generation. * My server environment will eventually, probably within six months, require the Enable FIPS compliance flag to be turned ON. * When the FIPS flag is on, ANY code that references non-compliant encryption algorithms will break, EVEN IF those references are not utilized or called from my application. So, has anyone created a port of the latest iTextSharp that really IS FIPS compliant? Or at the very least, has anyone determined how to make the existing code really WORK with the FIPS compliance flag being turned to on? I'm assuming that if I just comment out the references to non-compliant algorithms, it should work; but is Paulo's statement about MD5 being required still true? Do I need to consider a different PDF creation solution? Thanks for your help in advance. Paul -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa
[iText-questions] iTextSharp 5.1.2 and FIPS Compliance
I'm a govt contractor on a web application project, and: I recently upgraded to a utilization of version 5.1.2, since I had read that at least version 5 was required for FIPS compliance. I have noted that there are other algorithms in the code besides those that are FIPS compliant. I just saw a post from Paulo on another forum site indicating that MD5 was required for PDF generation. My server environment will eventually, probably within six months, require the Enable FIPS compliance flag to be turned ON. When the FIPS flag is on, ANY code that references non-compliant encryption algorithms will break, EVEN IF those references are not utilized or called from my application. So, has anyone created a port of the latest iTextSharp that really IS FIPS compliant? Or at the very least, has anyone determined how to make the existing code really WORK with the FIPS compliance flag being turned to on? I'm assuming that if I just comment out the references to non-compliant algorithms, it should work; but is Paulo's statement about MD5 being required still true? Do I need to consider a different PDF creation solution? Thanks for your help in advance. Paul -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
[iText-questions] ITextSharp 5.1.2
Hi, On the project page:http://sourceforge.net/projects/itextsharp/ and download page:http://sourceforge.net/projects/itextsharp/files/ the latest version is being shown as 5.1.1, although it seems 5.1.2 was released on August 23. Thanks! -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Re: [iText-questions] ITextSharp 5.1.2
Fixed. Paulo - Original Message - From: Keith O To: itext-questions@lists.sourceforge.net Sent: Saturday, August 27, 2011 12:02 PM Subject: [iText-questions] ITextSharp 5.1.2 Hi, On the project page:http://sourceforge.net/projects/itextsharp/ and download page:http://sourceforge.net/projects/itextsharp/files/ the latest version is being shown as 5.1.1, although it seems 5.1.2 was released on August 23. Thanks! -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php-- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php