No signatures appended and error displayed when FIPS is enabled

Scenario:

You are using Exclaimer Signature Manager Exchange Edition or Exclaimer Mail Disclaimers. Having enabled FIPS, no signatures are appended to messages and the following error is reported in the Exclaimer console:

System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()

at Exclaimer.Common.XmlSerializationFactory.GenerateSerializerKey(Type type, Type[] extraTypes, Boolean includeAssemblyTimeStamps)

at Exclaimer.Common.XmlSerializationFactory.FindCachedSerializer(Type type, XmlAttributeOverrides overrides, Type[] extraTypes, XmlRootAttribute root, String defaultNamespace)

at Exclaimer.PolicyProcessingEngine.ExclaimerDeclaration.Create(Stream stream)

at Exclaimer.PolicyProcessingEngine.ExclaimerDeclaration.Create()

at Exclaimer.Console.Host.Engine.ConsoleHostApplication.GetProductAdaptor()

at Exclaimer.Console.Host.Engine.ConsoleHostApplication.CreateSplashForm()

at Exclaimer.Common.UI.SplashManager.#e.#CRg.#JRg(Func`1 creator, Int32 timeout)

at Exclaimer.Common.UI.SplashManager.#e.#CRg.#e.#XXm.#pab()

at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

at System.Threading.ThreadHelper.ThreadStart()

Cause:

FIPS is the United States Federal Information Processing Standard, which defines the cryptographic algorithms approved for use by US Federal government computer systems.

Enabling FIPS mode in Windows means that only FIPS-validated cryptographic algorithms are used. However, the .NET Framework (used by most Microsoft applications, including Exclaimer Signature Manager Exchange Edition and Exclaimer Mail Disclaimers) supplies both FIPS and non-FIPS versions of the same cryptographic algorithms.

Non-FIPS versions have been available for longer and are used more widely; typically, they are faster. If FIPS mode is enabled, the non-FIPS algorithms throw an error and the application fails, which is what is happening in this scenario: the stack trace above shows the exception being thrown by the MD5CryptoServiceProvider constructor.

This is one of several reasons why Microsoft no longer recommends the use of FIPS mode.
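To confirm this cause on an affected server, the following read-only check is an added example (not Exclaimer or Microsoft code). It assumes Windows PowerShell running on the .NET Framework; it reads the Windows FIPS policy value and reports which .NET hash classes can be constructed in the current process, including the MD5CryptoServiceProvider class named in the stack trace.

```powershell
# Added diagnostic example; makes no changes to the system.
# Assumption: run in Windows PowerShell 3.0 or later on the affected server.

# 1. Read the Windows FIPS policy value (missing or 0 = off, 1 = on).
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$policy = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
$registryEnabled = [bool]($policy -and $policy.Enabled -eq 1)

# 2. Ask .NET whether it enforces FIPS-only algorithms in this process.
$dotNetEnforces = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms

# 3. Try to construct several hash implementations and record the outcome.
#    The script reports what this machine does; it does not assume the result,
#    which can differ between .NET Framework versions.
$types = @(
    'System.Security.Cryptography.MD5CryptoServiceProvider',   # class in the stack trace
    'System.Security.Cryptography.SHA1CryptoServiceProvider',
    'System.Security.Cryptography.SHA256Managed',
    'System.Security.Cryptography.SHA256CryptoServiceProvider'
)

$results = foreach ($name in $types) {
    $row = [ordered]@{ Type = $name.Split('.')[-1]; Constructed = $false; Error = '' }
    try {
        $algo = New-Object -TypeName $name
        $row.Constructed = $true
        $algo.Dispose()
    }
    catch {
        # Unwrap PowerShell's wrapper exceptions to reach the .NET message.
        $row.Error = $_.Exception.GetBaseException().Message
    }
    [pscustomobject]$row
}

"FIPS policy in registry : $registryEnabled"
"Enforced by .NET        : $dotNetEnforces"
$results | Format-Table -AutoSize -Wrap
```

If the MD5CryptoServiceProvider row shows the same "not part of the Windows Platform FIPS validated cryptographic algorithms" message while the policy value is on, the server is reproducing the failure described in this article.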

Solution:

As a Microsoft Gold Partner, Exclaimer always advises following Microsoft's best practices and recommendations. As such, we advise against the use of FIPS.

For further background about why Microsoft (and thus we) no longer recommend the use of FIPS, please click here.

For further information about security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11, please click here.