FIPS Compliance for Aspose.Cells

Hi support team,

On a FIPS enabled machine, when we try to create a Workbook object for the attached file, we got an exception with the following message:

“This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.”

Looking at the stack trace, the exception is raised in:

System.Security.Cryptography.MD5CryptoServiceProvider…ctor()

We tried with both Aspose.Cells version 19.10 and 20.1, results are identical.

Any information regarding this issue would be helpful. Thanks.

FIPS_Compliance.zip (161.9 KB)

@hatanlinh13,

Thanks for the template file and details.

We have already added support for FIPS compliance to Aspose.Cells. We need to investigate your issue with your file. A ticket is logged with an id “CELLSNET-47182” for your issue. We will look into it soon.

Once we have an update on it, we will let you know.

@hatanlinh13,

We evaluated your issue further.
If you could open the file in Microsoft Excel, you will find that the workbook is protected.(see my attachment: “workbook_protected.png”). The workbook is protected, so the content is encrypted. When Aspose.Cells inits the workbook, encrypting content is needed. However, in this process, MD5 hash is used according to Microsoft docs (e.g. [MS-OFFCRYPTO]: Password Verification | Microsoft Learn).
As you know MD5 is not FIPS compliance, so this workbook can’t be opened on a FIPS enabled machine.
workbook_protected.png (108.8 KB)

@Amjad_Sahi,

Thanks for your response!

@hatanlinh13,

You are welcome.