"Invalid provider type specified" error when accessing X509Certificate2.PrivateKey on CNG certificates

Hi all,  You may get the following exception when trying to access X509Certificate2.PrivateKey on a .NET 3.5 (or older) app: “System.Security.Cryptography.CryptographicException: Invalid provider type specified. at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()” When this happened to me,…


Does SignTool work on Windows 7?

Hi all, The answer to the question of the title is YES, OF COURSE! Why wouldn’t it? Well, the reason of this question is the following: you may already know that CAPICOM has been deprecated on Windows 7 (CAPICOM support on Windows 7). It was going to be deprecated when Vista came out, but it didn’t…


x64 version of SignTool?

Hi all, I was asked the other day if we had an x64 version of SignTool.exe. Up to date, the answer is NO. If you download the tool with Microsoft Windows SDK, you will only get the x86 version. This tool has dependencies on some x86 authenticode plug-ins, and as you sure know, you cannot load…


x64 version of CAPICOM?

Hi all, Now that we are progressively moving to x64 systems, many people ask me if there is an x64 version of CAPICOM available. The answer is no, there is not. And because CAPICOM is already deprecated (CAPICOM support on Windows 7), there won’t ever be any. So if you are using a version of…


2.1.0.3, a new CAPICOM version?

Hi all, The other day I got surprised when a customer of mine told me that they had seen a new CAPICOM version being installed by Office 2007 SP2: 2.1.0.3. I’ve been dealing with many CAPICOM issues in the past, and I had no news of such a version. Is it a new version? Can…


HttpWebClientProtocol.ClientCertificates and PFX files

Hi all, Imagine you want to call a webservice through SSL in a client application. You want to provide a client certificate to the SSL connection and you have a PFX file with that client certificate plus the CA certificate plus the root certificate. None of those certificates are installed in the system. So you…


How to manipulate REG_MULTI_SZ values from the registry (C++)

Hi all, The other day I had to develop a small C++ sample which shows how to read the list of values of a REG_MULTI_SZ from the registry, and add a new value just after one of the values of the list. Additionally, I used methods and constants from tchar.h extensively, so it didn’t matter if I…


Access Violation exception when loading a certificate in .NET (Windows Server 2003)

Hi all You may get an Access Violation exception when loading a certificate into a X509Certificate2 object, only after installing KB 938397 hotfix (crypt32.dll v5.131.3790.4095) at Applications that use the Cryptography API cannot validate an X.509 certificate in Windows Server 2003. Note that the issue won’t happen with Windows Server 2003 SP2 version of crypt32.dll…


CAPICOM support on Windows 7

Hi all, CAPICOM has finally been deprecated, and it won’t be supported on Windows 7. This link is up to date and proposes alternatives to CAPICOM classes by using .NET classes and CryptoAPI: Alternatives to Using CAPICOM. The following article may help if you were using CAPICOM in your web site and you are planning…


Working with CNG in .NET 3.5

Hi all,   Do you want to work with CNG and .NET 3.5 and don’t want to P/Invoke into CryptoAPI & CNG API? Check out Security.Cryptography.dll library at CLR Security: “Security.Cryptography.dll provides a new set of algorithm implementations to augment the built in .NET framework supported algorithms. It also provides some APIs to extend the existing framework…