"Invalid provider type specified" error when accessing X509Certificate2.PrivateKey on CNG certificates

Hi all, You may get the following exception when trying to access X509Certificate2.PrivateKey on a .NET 3.5 (or older) app: “System.Security.Cryptography.CryptographicException: Invalid provider type specified. at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()” When this happened to me,…

CryptographicException: Unable to open the access token of the current thread

Hi all, When working with RSACryptoServiceProvider, we may get an exception like the following: System.Security.Cryptography.CryptographicException: Unable to open the access token of the current thread at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr) at System.Security.Cryptography.Utils._GetKeyParameter(SafeKeyHandle hKey, UInt32 paramID) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at…

Threading issues with RSACryptoServiceProvider

Hi all, When using RSACryptoServiceProvider in, e.g., ASP.NET, you may get the following exception under heavy load: “System.Security.Cryptography.CryptographicException: CryptoAPI cryptographic service provider (CSP) for this implementation could not be acquired”. We’ve seen in past posts (sample) how we can use my CryptoAPI Tracer script to take a look at the CryptoAPI calls that RSACryptoServiceProvider makes behind the…

CryptAcquireContext fails with NTE_BAD_KEYSET

Hi all, When we try to access a key container, CryptAcquireContext may return NTE_BAD_KEYSET (or error # 0x80090016 or -2146893802 or “Keyset does not exist”) for the following two reasons: 1) key container doesn’t exist. You may repeat the call to CryptAcquireContext, but this time using CRYPT_NEWKEYSET flag to create a new key container. 2)…

CryptAcquireContext fails with ERROR_FILE_NOT_FOUND

Hi all, welcome back, CryptAcquireContext API will fail with error #2 or ERROR_FILE_NOT_FOUND if: 1) the user’s profile is not loaded, as we saw in my post RSACryptoServiceProvider fails when used with ASP.NET. 2) AppData registry value in the following registry key is not present or is misconfigured: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders As we saw in the…

How to select which Smart Card reader to perform actions on

Hi all, welcome back, Most of the time we only have a smart card reader in our machine, and we only use one smart card to perform crypto operations. But what if we have several readers and cards, and those cards share the same CSP (Cryptographic Service Provider)? Can we select the one we want…

RSACryptoServiceProvider fails when used with ASP.NET

Hi, welcome back, I will talk today about a very common issue we face when we try to use .NET’s RSACryptoServiceProvider class in ASP.NET. When we try to create a new RSACryptoServiceProvider object in this scenario, we may get the following exception: “System.Security.Cryptography.CryptographicException: The system cannot find the file specified”.   By using my CryptoAPI Tracer…

How to trace CryptoAPI calls (2)

Hi, welcome back, Let’s try to understand a bit better what’s going on in my CryptoAPI Tracer script. Let’s take a look at one of the most important breakpoints I set on a CryptoAPI function: bm Advapi32!CryptAcquireContextW ".printf \"\\n>>>>>>>>>>>>>>>>>>>>>>\\n\\nCryptAcquireContextW (%#x)\\n\", @$tid; .echo;.echo IN; .echo pszContainer; .if(poi(@esp+8)=0) {.echo NULL} .else {du poi(@esp+8)}; .echo;.echo pszProvider; .if(poi(@esp+c)=0) {.echo NULL} .else…

RSACryptoServiceProvider fails when used with mandatory profiles

Hi, welcome back, I will talk today about a very common issue we face when we try to use .NET’s RSACryptoServiceProvider (http://msdn2.microsoft.com/en-us/library/system.security.cryptography.rsacryptoserviceprovider.aspx) class with mandatory profiles (e.g. a Citrix environment). When we try to create a new RSACryptoServiceProvider object in this scenario, we get the following exception: “System.Security.Cryptography.CryptographicException: Cryptographic Service Provider (CSP) for this implementation could not…
