How to verify signatures using a temporary keyset in .NET

Hi all, Some time ago a customer of mine had issues verifying signatures with RSACryptoServiceProvider when users had a mandatory and/or roaming profile, as he was getting the following exception: “System.Security.Cryptography.CryptographicException: Cryptographic Service Provider (CSP) for this implementation could not be acquired”. I already talked about this: RSACryptoServiceProvider fails when used with mandatory profiles….


Unable to import a key into KeyNumber.Signature with RSACryptoServiceProvider

Hi all, The other day a customer of mine was having an issue when importing key pairs with .NET’s RSACryptoServiceProvider. When setting KeyNumber parameter to KeyNumber.Exchange everything seems to be fine. But when setting the KeyNumber parameter to KeyNumber.Signature the key pair is imported to the KeyNumber.Exchange slot just as if you haven’t set the KeyNumber…


Big delay while calling EnvelopedCms constructor

Hi all, You may experience a big delay when calling EnvelopedCms constructor in your .NET application if you have networking problems. For example, if DNS server is not available, a call to the constructor may take 30 to 90 seconds!!! I could repro the issue by running the following code: DateTime before =…


ExportParameters returns Invalid type specified error

Hi all, Some time ago a customer of mine was trying to export the private key associated with a certificate stored in a smart card, and for that he was trying to use the RSACryptoServiceProvider.ExportParameters method with code like the following: ” System.Security.Cryptography.X509Certificates.X509Certificate2 cert = GetCert(certName); RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey; RSAParameters params =…


Invalid algorithm specified when signing with RSACryptoServiceProvider and SHA 256

Hi all, The other day a customer of mine was getting the following error when signing with RSACryptoServiceProvider after specifying SHA 256 as hash algorithm: invalid algorithm specified. He was using a non-Microsoft CSP (Cryptographic Service Provider). We checked the CryptoAPI calls that .NET was calling behind the scenes (you may do that with my…


"Invalid provider type specified" error when accessing X509Certificate2.PrivateKey on CNG certificates

Hi all, You may get the following exception when trying to access X509Certificate2.PrivateKey on a .NET 3.5 (or older) app: “System.Security.Cryptography.CryptographicException: Invalid provider type specified. at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer) at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle) at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair() at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize) at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()” When this happened to me,…


Default Provider Type for CspParameters has changed

Hi all, Before .NET Framework 3.5 SP1, the default provider type for CspParameters was PROV_RSA_FULL (1). Now it’s PROV_RSA_AES (24) for all operating systems which support Microsoft Enhanced RSA and AES Cryptographic Provider (WinXP and higher). So if your code depends on PROV_RSA_FULL being set as provider type, you will have to explicitly specify it yourself: CspParameters…


RSACryptoServiceProvider fails if we delete a user from the machine

Hi all, The other day a customer of mine had an interesting issue: a specific user runs their application for the first time without problem on a machine. Any other user can run the app without problems on the same machine, too. If that specific user is deleted from the machine, any other user will…


RSACryptoServiceProvider.Encrypt returns "Key not valid for use in specified state" error

Hi all, When executing RSACryptoServiceProvider.Encrypt method (see How to generate key pairs, encrypt and decrypt data with .NET (C#) for an example), you may get a System.Security.Cryptography.CryptographicException. According to MSDN, this is to be expected in several circumstances: The cryptographic service provider (CSP) cannot be acquired. -or- The length of the rgb parameter is greater…


How to generate key pairs, encrypt and decrypt data with .NET (C#)

Hi all, The other day a colleague of mine asked me if I had a .NET version of the C++ sample in How to generate key pairs, encrypt and decrypt data with CryptoAPI post. C++ sample calls CryptoAPI directly (and you know we can do the same thing in .NET through P/Invoke), but the idea was to use…