Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms #171

Open
jcallen1234 opened this issue Sep 19, 2019 · 8 comments
Open

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms #171

jcallen1234 opened this issue Sep 19, 2019 · 8 comments
Assignees
@jkdba
Labels
bug

Comments

@jcallen1234
Copy link

jcallen1234 commented Sep 19, 2019
edited by jkdba
Loading

When running a Get-KeePassEntry command and entering the database password I get the following error.

New-Object : Exception calling ".ctor" with "1" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
At C:\Program Files\WindowsPowerShell\Modules\PoShKeePass\internal\New-KPConnection.ps1:95 char:39
+ ... AddUserKey((New-Object KeepassLib.Keys.KcpPassword([System.Runtime.In ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

Exception calling "Open" with "3" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."
At C:\Program Files\WindowsPowerShell\Modules\PoShKeePass\internal\New-KPConnection.ps1:123 char:9
+         $null = $DatabaseObject.Open($IOInfo, $CompositeKey, $IStatus ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : InvalidOperationException

InvalidDatabaseConnectionException : The database is not open.
At C:\Program Files\WindowsPowerShell\Modules\PoShKeePass\internal\New-KPConnection.ps1:128 char:13
+             Throw 'InvalidDatabaseConnectionException : The database  ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (InvalidDatabase...se is not open.:String) [], RuntimeException
    + FullyQualifiedErrorId : InvalidDatabaseConnectionException : The database is not open.
@jkdba jkdba self-assigned this Sep 19, 2019
@jkdba
Copy link
Member

jkdba commented Sep 19, 2019

@jcallen1234 thanks for reaching out, can you please provide the following details:

  1. Powershell Version
  2. PoShKeePass Version
  3. What Method do you use to authenticate to keepass? master password, master password and key file, master password and network account, etc
  4. Was this ever working and it stopped? If so what changed since it stopped working?

@jcallen1234
Copy link
Author

jcallen1234 commented Sep 19, 2019 via email
edited
Loading

@jkdba

This comment has been minimized.

Sign in to view
@jkdba
Copy link
Member

jkdba commented Sep 23, 2019

As discussed this appears to happen when FIPS is enabled in windows.

From Initial testing it appears the keepass gui can deal with fips, will need to investigate how this is done and see if it can be replicated in the module's connection functions

@jkdba jkdba added the bug label Sep 23, 2019
@PatrickOnGit
Copy link

See the following article about FIPS compliancy in Windows:
why we're not recommending "fips-mode" anymore (as security default)

Specifically see the section "Why FIPS mode is particularly onerous"

Bottom line, the application itself needs to check if fips compliancy is enabled and if so it either choose algorithms supported within this mode or implement its own library.

@isopodshuffle
Copy link

Is there a workaround available for this? I'm getting the same error (Windows 10 version 1909, Powershell v5.1, PoshKeePass v2.1.3.0). Unfortunately disabling FIPS mode isn't an option, as it's set by group policy and I don't have the ability to change that.

I've tried setting up the database configuration three different ways (password, windows user, and key file), and also tried both Database File Encryption Algorithm options, but no luck

@ryanmahoney96
Copy link

Is there a workaround available for this? I'm getting the same error (Windows 10 version 1909, Powershell v5.1, PoshKeePass v2.1.3.0). Unfortunately disabling FIPS mode isn't an option, as it's set by group policy and I don't have the ability to change that.

I've tried setting up the database configuration three different ways (password, windows user, and key file), and also tried both Database File Encryption Algorithm options, but no luck

Bumping this, is there any workaround available?

@veemun
Copy link

veemun commented Sep 1, 2023
edited
Loading

Would really be nice to have this work in FIPS mode. We are required to have our machines in FIPS mode.

Edit: So I"ve just tried this is powershell 7 instead of 5 and it seems to work as expected there. Recommend updating to PS7 since we probably won't see a backported fix from Microsoft

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jkdba jkdba

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jkdba @ryanmahoney96 @PatrickOnGit @jcallen1234 @isopodshuffle @veemun