WCF error: Cannot resolve KeyInfo for unwrapping key: KeyInfo ‘SecurityKeyIdentifier

If you are getting an error like : Cannot resolve KeyInfo for unwrapping key: KeyInfo 'SecurityKeyIdentifier and your have checked that your certificate is in the right store and right place.

So this might be the reason. check the binding you have and make sure the negotiateServiceCredential has the same value. By default, it is true.

Reason? The server will use this flag to try to build the primary token resolver which is being used to resolve those key info clause. If that flag is ture, then the server will load the server certificate into the primary token resolver, so it will fail to resolve the key info if client sends one.

So where is that flag? Here is an example where this could be located:


<binding ...>

<security mode="Message">

<message clientCredentialType="Windows" negotiateServiceCredential="true"

algorithmSuite="Default" establishSecurityContext="true" />




 Hope this helps!

Skip to main content