I am creating a keyed SHA256 hash using HMACSHA256 with the following code:
HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey);
byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(data));
string hashResult = string.Empty;
for (int i = 0; i < hash.Length; i++)
{
hashResult += hash[i].ToString("x2"); // hex format
}
This is working just fine, however, it fails in a FIPS enabled environment because HMACSHA256 uses an underlying SHA256Managed implementation which is itself not FIPS compliant.
Searching through MSDN documentation I find that the only SHA256 implementation of KeyedHashAlgorithm is HMACSHA256.
I am required to sign web service requests with a keyed SHA256 hash (so I can't change the hash type), and I must be able to run in a FIPS enabled environment.
Googling shows that both SHA256CryptoServiceProvider and SHA256Cng are FIPS compliant ways to create SHA256 hashes, but neither seem to support the creation of keyed hashes.
No, there is not. Here is a list of ones that are (scroll down to FIPS.sys Algorithms section).
A work around I've used int he past is here, but I'm not sure if that will work for web services. This solution could work.