Skip to main content Skip to footer

Licensing changes for FIPS compliance

Many of our customers face NAG screen issue while deploying their application even when licenses.licx file is being included in their .exe file. One of the reasons could be FIPS, i.e. the system must not be FIPS Compliant. This NAG screen issue exists in applications using builds before 2011-V3. The United States Federal government has decided that anyone who uses encryption for any purpose (including making information in a runtime license not obvious) must use Federal Information Processing Standard (FIPS) compliant encryption algorithms. Therefore, the use of many of the .NET encryption algorithms will throw exceptions if the policy for the machine executing the code is set for FIPS Compliance. Before 2011-V3, our controls were not FIPS compliant since our previous licensing code encrypts the runtime license using the convenient .NET algorithms (not FIPS compliant). It was throwing exceptions and resulting in NAG screens for machines set up with high security. 2011-V3 onwards, we made some licensing changes that removes the need to disable the algorithm check. This new licensing code takes these exceptions into account and accepts the license, thus preventing the NAG screens. Hence, if FIPS is enabled on the system, then the NAG screen gets popped-up on running the .exe file even. In order to Enable/ Disable the FIPS, please follow the steps mentioned below:- Start > Run > Regedit > OK. HKEY_LOCAL_MACHINE–>System–>CurrentControlSet->Control –>LSA–>FIPSAlgoPolicy–>Change ValueData value of Enabled to 1.

  • To disable FIPS change it to 0
  • To enable the FIPS change the value to 1

You can have a look at this Disabling the FIPS Algorithm Check blog for that matter. For basic information, please note that FIPS compliance can be set on the local machine through: Administrative Tools ->Local Security Policy ->Security Options ->System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing Alternatively, you can check the setting in the registry. After you enable or disable the System cryptography: To use FIPS compliant algorithms for encryption, hashing, and signing security setting, you must restart your application, such as Internet Explorer, for the new setting to take effect. In Windows Server 2008 and Windows Vista, this security setting affects the following registry value: HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled And in Windows Server 2003 and Windows XP, this security setting affects the following registry value: HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy This registry value reflects the current FIPS setting. If this setting is enabled, the value is 1. If this setting is disabled, the value is 0. (Please note, the portions of the registry settings above in blue are the key portions, and the trailing black text is a named value on the key). Hence, whenever you face NAG screen issues during deployment, even when licenses.licx file has being included in your .exe file, then you must check your system against FIPS compliance.


comments powered by Disqus