NuGet - FIPS compliant algorithms

Jul 29, 2011 at 2:59 AM
Edited Jul 29, 2011 at 2:59 AM

Not sure if this is the right place to log this but I wanted to get this info out to the community.

After setting up a corporate NuGet Gallery in the office, I was hitting issues when integrating the NuGet command line exe into our shiny new TeamCity hosted CI build system.  The agents (clean server 2008 R2 builds) that were running the exe (list packages operation) were reporting the same error : The type initializer for 'NuGet.CryptoHashProvider' threw an exception.  Nothing else was being logged, and running the exe on another test server (and my dev machine) did not yield the same error...

After a bit of digging (digging as in recompiling the exe from source and adding exception handling to output stack traces) it turned out to be a Windows FIPS compliance issue; see http://support.microsoft.com/kb/811833.  It looks like the NuGet command line uses the System.Security.Cryptography.SHA512 hash algorithm that is not on the FIPS standard list (assumed, I haven't checked), and if your local security settings on your server enforce these standards then you won't be able to run the exe for various operations.

Hope this helps anyone scratching their heads with the same error.  Be good to hear any thoughts on preventing this error without change local security policies (what about corporations that enforce it through group policy?)

Steve