stackoom
  简体   繁体   中英

How to enable FIPS on windows 7

 原文  2011-02-03 12:51:19       windows/ windows-7/ fips

Question

必须从客户端测试ac#应用程序,该应用程序在具有FIPS enbaled的机器上工作

2 answers

solution1
 48  2012-11-29 22:14:20

First, be aware of what actually happens when you enforce FIPS140-2 complient encryption within Windows. Details are at http://technet.microsoft.com/en-us/library/cc750357.aspx . However, the main 'gotcha' (old SSL website's don't work in IE anymore) is detailed in the article linked below.

The official instructions to enable FIPS 140-2 complience are at http://support.microsoft.com/kb/811833 , but can be summarised as follows:

  1. Using an account that has administrative credentials, log on to the computer.
  2. Click Start, click Run, type gpedit.msc , and then press ENTER.
  3. In the Local Group Policy Editor, under the Computer Configuration node, double-click Windows Settings , and then double-click Security Settings .
  4. Under the Security Settings node, double-click Local Policies , and then click Security Options .
  5. In the details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
  6. In the System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing dialog box, click Enabled , and then click OK to close the dialog box.
  7. Close the Local Group Policy Editor.

If you wish to do this manually, you can also simply change the registry key HKLM\\System\\CurrentControlSet\\Control\\Lsa\\FIPSAlgorithmPolicy\\Enabled to 1

Finally, to repeat, it is very important that you read through the documentation before you enable this - it changes cryptography system wide, including how the file system (both EFS and Bitlocker) and network (IE, Remote Desktop and the main cryptographic libraries) are allowed to encrypt, as well as if you allowed to recover lost encryption keys.

solution2
 2  2013-04-28 10:42:38

As an alternative, for Windows 7 users (with admin rights), this is one of the "Network Properties". Step by step:

  1. click on the "Network" icon on task bar.
  2. right click > Properties on the specific Network connection
  3. switch to the "Security" tab.
  4. click on "Advanced Settings" button.
  5. click the checkbox labeled "Enable Federal Information Processing Standards (FIPS) compliance for this network.

Also, have in mind:

  • Recommended reading: http://technet.microsoft.com/en-us/magazine/ff847520.aspx
  • This setting sepends on what you have selected as "Security Type" on the Security Tab
  • Your wireless network adapter card might be doing this encryption in hardware already. This checkbox will switch from that to rather performing AES encryption in software.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can Windows OS detect if an algorithm is FIPS compliant? How can I build a DLL using the OpenSSL FIPS static library on Windows? How to check that CNG Windows API returns algorithm implementation which is FIPS compliant How to enable harmony in Node for Windows? How to enable Windows UWP for flutter? How to enable ICMP service in Windows? Java 8 64 bit on Windows with NSS for FIPS 140 compliance How to enable SSL debugging in Tomcat as a Windows service? How to enable management console in rabitmq on windows? How to enable the Docker Remote API on Windows
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM