I while back (about 18 months ago I think) my team ran into an issue while working on a system for the Department of Defense. The issue occurs when the "System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing" security setting is enabled through Group Policy or Local Security Policy on a WSS or MOSS server. After much research and gnashing of teeth, we finally traced the issue back to the fact that the .NET Framework uses AES encryption as the default. Unfortunately, at least in Windows Server 2003, the Microsoft implementation of AES had not been FIPS validated and the application immediately threw an error when it tried to use the algorithm. We were able to resolve this issue by specifying a "validation" attribute as well as a "decryption" attribute in the SharePoint web.config files for all Content web applications as well as SharePoint Central Administration. We used 3DES as the value of the attribute. Any of Windows Validated FIPS Compliant algorithms should work in this setting. SharePoint specifies an encryptionKey and decryptionKey under the machineKey element but other than that, once the attributes are added, you should have a machineKey element that looks something like
<machineKey validationKey="21F090935F6E49C2C797F69BBAAD8402ABD2EE0B667A8B44EA7DD4374267A75D7 AD972A119482D15A4127461DB1DC347C1A63AE5F1CCFAACFF1B72A7F0A281B" decryptionKey="ABAA84D7EC4BB56D75D217CECFFB9628809BDB8BF91CFCD64568A145BE59719F" validation="3DES" decryption="3DES"/>
This same fix would apply to any ASP.NET application that is using View State Encryption and displays the "This Implementation is Not part of the Windows Validated FIPS Compliant Algorithms" error message when trying to view a page.
So… why am I just now writing about this? Yesterday, a friend of mine sends me an email that says "Remember when we hit that encryption issue with SharePoint… How did we solve that?" Luckily, I still had a demo server that had the modified machineKey element and I remembered enough to know where to look. I also know that there are some other articles out there about this issue now, but I can never find them when I need them.
Here are a couple of related references: http://support.microsoft.com/kb/911722, http://www.dscoduc.com/post/2008/05/03/FIPS-Compliant-Algorithms-and-IIS.aspx, http://stevesps.blogspot.com/2008_10_01_archive.html, http://msdn.microsoft.com/en-us/library/ms998288.aspx.
Clint