Articles in this section

See more

No signatures appended and error displayed when FIPS is enabled

Avatar
Exclaimer Support
  • Updated
Follow

Relevant Product: Signature Manager Exchange Edition

WARNING! From 1st April 2021 Exclaimer will no longer be renewing any Software Maintenance Agreement (SMA) for Mail Disclaimers.

Please be assured that the Exclaimer Support team will provide support until your SMA is active.

However, we recommend that you contact the Exclaimer Sales team to discuss your requirements for an upgrade to Signature Management Exchange Edition or Exclaimer Cloud - Signatures for Exchange.

Scenario 

You are using Exclaimer Signature Manager Exchange Edition or Exclaimer Mail Disclaimers.

You have enabled the Federal Information Processing Standard (FIPS) and you notice that no signatures are appended to messages and you receive an error similar to this in the Exclaimer console:

ERROR: \System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.MD5CryptoServiceProvider..ctor() at Exclaimer.Common.XmlSerializationFactory.GenerateSerializerKey(Type type, Type[] extraTypes, Boolean includeAssemblyTimeStamps) at Exclaimer.Common.XmlSerializationFactory.FindCachedSerializer(Type type, XmlAttributeOverrides overrides, Type[] extraTypes, XmlRootAttribute root, String defaultNamespace) at Exclaimer.PolicyProcessingEngine.ExclaimerDeclaration.Create(Stream stream) at Exclaimer.PolicyProcessingEngine.ExclaimerDeclaration.Create() at Exclaimer.Console.Host.Engine.ConsoleHostApplication.GetProductAdaptor() at Exclaimer.Console.Host.Engine.ConsoleHostApplication.CreateSplashForm() at Exclaimer.Common.UI.SplashManager.#e.#CRg.#JRg(Func`1 creator, Int32 timeout) at Exclaimer.Common.UI.SplashManager.#e.#CRg.#e.#XXm.#pab() at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart()

Reason

Microsoft no longer recommends the use of the Federal Information Processing Standard (FIPS) mode.

One of the major reasons is:

FIPS defines cryptographic algorithms approved for use by U.S. Federal government computer systems. If you enable FIPS mode in Windows, this means that only FIPS-validated cryptographic algorithms will be used. 

However, the .NET framework (used by most Microsoft applications, including Exclaimer Signature Manager Exchange Edition and Exclaimer Mail Disclaimers) supplies both FIPS and non-FIPS versions of the same cryptographic algorithms. 

If FIPS mode is enabled, the non-FIPS algorithms throw an error and the application fails - this is what’s happening in this scenario.

(Non-FIPS versions are available and are used more widely; typically, they are faster).

Resolution

As a Microsoft Gold Partner, Exclaimer always advises the best practices and recommendations of Microsoft: therefore, we advise against the use of FIPS.

Note: For more information on security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11, see Microsoft Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 - FINAL.

Related articles