Exception type: System.Security.Cryptography.CryptographicException
Message: Invalid provider type specified.
They needed to use SHA-2 and AES algorithms with those CMS classes, and we already saw that we need a CNG provider for that on Vista and later:
The reason for this exception is that .NET doesn't support CNG on those types yet. Current CNG support in the .NET Framework extends only to explicit algorithm wrappers with CNG suffixes (ECDsaCng, SHA256Cng, etc.). None of the higher level services have CNG plumbed through (for instance, CMS, SignedXml, X509Certificate, etc).
So an alternative we have to work with CMS and SHA2 or AES algorithms, is to call CryptMsg API directly through p/invoke and use a CNG provider.
Sample on how to call CryptMsg API from .NET (no CNG included, sorry): How to call CryptMsg API in streaming mode (C#)
I hope this helps.
Alex (Alejandro Campos Magencio)