Hotfixes and Patches for Windows for July 2015

Hey SDK friends, Jeff here with the July 2015 Hotfix List

3070714 “0x000000B8” Stop error during MPIO path failover in Windows Server 2008 R2 SP1
3060682 “The specified server cannot perform the requested operation” error occurs when GPO backup is unsuccessful and dynamic updates are disabled in Windows Server 2012 R2
3061817 Windows 8.1 does…


Reducing the time to perform a CRL check on isolated networks

Hi everyone, Writing today to pass along a solution to reduce the time for performing certificate revocation list processing (CRL checking). This topic has been covered at length in other blogs, in ways to lock down servers to prevent outgoing calls for CRL processing and delays. Here are a few for example:…


How to get a Cryptographic Public Key from a Certificate in a Windows Store application

If you’re writing a Windows Store application you’ll find that the WinRT runtime is missing the X509Certificate interfaces found in .NET. In many instances, you may want to encrypt or verify a signature with any given certificate. That means extracting the public key out of the certificate. .NET has the X509Certificate2 class that simply contains…


Getting a “System.ArgumentException: Value was invalid” when trying to sign data using SHA256CryptoServiceProvider

Here is the symptom:

1. You are using RSACryptoServiceProvider for computing SHA-2 signatures.
2. Doing this you get unhandled exceptions of type "System.ArgumentException" in mscorlib.dll saying "Value was invalid".
3. A typical call that failed was: byte[] signature = rsa.SignData(data, new SHA256CryptoServiceProvider());
4. The SHA1CryptoServiceProvider did not reproduce the exception.
5. Additionally you have…


Compliance of .NET security libraries about verifying a CMS Advanced Electronic Signatures (CAdES) message

CAdES is an extension of CMS and these extensions, where present, require a different process to check the signature. Although our .NET security libraries (System.Security.Cryptography) verify a CAdES message, they actually ignore the CAdES part within the message. SignedCms can verify a message with a CAdES signature but it does not verify the CAdES…


How to make your custom RNG (random number generator) implementation the default RNG provider for the system using CNG APIs

If you have implemented your random number generator, make sure that you register it using the BCryptRegisterProvider function. Add the algorithm name to the list of symmetric cipher algorithm class using BCryptAddContextFunction.

Example:

    BCryptAddContextFunction(
        CRYPT_LOCAL,              // Scope: local machine only
        NULL,                     // Application context: default
        BCRYPT_RNG_INTERFACE,     // Algorithm class
        …


You might get a high CPU usage while decrypting using RSA keys

The root cause of this issue (high CPU usage while decrypting using RSA keys) is as stated in the MSDN link http://msdn.microsoft.com/en-us/magazine/cc163676.aspx. The name of the article is “Encrypting without Secrets” by Keith Brown. The points to look at…


Steps for creating a self-signed certificate with the key container created at the machine key set and private key exportable.

Here are the steps for creating a self-signed certificate with the key container created at the machine key set.

Step 1: Get the CSP handle by creating the key container at the machine key folder.

    if (!CryptAcquireContext(&hCryptProv, _T("shmisra"), NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET))
    {
        // Error
        _tprintf(_T("Error 0x%x\n"), GetLastError());

        // Try to create…


Understanding of SignedCms.CheckSignature(True)

An understanding of SignedCms.CheckSignature(True) based on the code stated below.

    ' Create a ContentInfo object from the inner content obtained
    ' independently from encodedMessage.
    Dim contentInfo As New ContentInfo(innerContent)

    ' Create a new, detached SignedCms message.
    Dim signedCms As New SignedCms(contentInfo, True)

    ' encodedMessage is the encoded message received from
    ' the sender….


‘System.Security.Cryptography.CryptographicException – The index value is not valid’

While trying to extract the public key from a certificate you may get an exception that says: ‘System.Security.Cryptography.CryptographicException – The index value is not valid’. The exact error is CRYPT_E_INVALID_INDEX which means "The index value is not valid". This happens if you try to get the public key using X509Certificate2::GetPublicKey method and the reason is…