Invalid provider type specified when accessing X509Certificate2.PrivateKey
Today, I was attempting to digitally sign a byte array with my private key so that I could produce an event on the event bus and a consumer could ensure that the message came from me and was not modified while in transit.
public byte[] SignData(byte[] data){X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);certStore.Open(OpenFlags.ReadOnly);// the DN I get is CN=name,CN=Users,DC=example,DC=com// but the DN on the cert has spaces after each commastring spacedDN = UserPrincipal.Current.DistinguishedName.Replace(",", ", ");X509Certificate2 cert = certStore.Certificates.Find(X509FindType.FindBySubjectDistinguishedName,spacedDN,true).OfType<X509Certificate2>().FirstOrDefault();if (null == cert) { // handle no cert }RSACryptoServiceProvider rsaProvider = cert.PrivateKey as RSACryptoServiceProvider;return rsaProvider.SignData(data, new SHA1CryptoServiceProvider());}
System.Security.Cryptography.CryptographicException: Invalid provider type specified.... the stack trace boils down to ...System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
This wasn't a terribly enlightening exception message, so I asked google and found this link and this link. It turns out that by using the newest Certificate Templates (version 3), I am using Microsoft's new Key Storage Provider (KSP), and not the Cryptographic Storage Provider (CSP) that we normally expect. Windows Server 2008-based certificate templates use the KSP as part of what M$ calls Cryptography Next Generation (CNG). While .NET 4 does provide managed implementations of the CNG stuff, they are not FIPS-compliant, which is a deal-breaker for me.
So what is a FIPS-constrained boy to do? Well, I had to delete my auto-enrollment templates that were Windows Server 2008-based and replace them with Windows Server 2003-based templates. When you duplicate a template using the Certificate Templates MMC snap-in, it will ask you to choose between 2008-based and 2003-based. Select 2003-based and then revoke any certs you may have issued based on the 2008-based templates. Let auto-enrollment take its course and then you'll find that you no longer get the invalid provider exception when you access your private key.
Hi John - I have been mulling over your article and just wondered if you know if KSP keys are stored here: ../Microsoft/Crypto/Keys and CSP keys are stored here: ../Microsoft/Crypto/RSA.
ReplyDeleteI ask because I'm puzzled why a private key someone has given me keeps getting created in ../Microsoft/Crypto/Keys while I'm used to them being created here: ../Microsoft/Crypto/RSA.
The error I get when I try to access the key in BizTalk 2010 is the same as you got.
It's a long shot but you might know!
Hi James,
DeleteI'm having the same issue with our BizTalk 2013R2 CU2 server when calling a WCF-WSHttp end-point using a certificate for the Message Security.
Were you able to resolve this issue? If so what did you do to get it fixed.
Thanks
The problem for me was the template under which the certificate was issued. At the certificate authority, when you define a template, you're given the choice between 2008-based and 2003-based templates. Once you select 2003-based, you can re-issue yourself a certificate and you shouldn't have problems any longer because PrivateKey should then be accessible.
ReplyDeleteI am new to accessing the X509Certificate2.PrivateKey. I am using microsoft cryptographic storage provider(CSP).Can you tell me what exactly 2008-based and 2003-based templates.
ReplyDeleteI love this!!The blog is very nice to me. Im always keeping this idea in mind. I appreciate for your help once again.
ReplyDeleteJMeter Training in Chennai
JMeter Training Course
JMeter Training in Adyar
JMeter Training in Porur
Appium Training in Chennai
javascript training in chennai
core java training in chennai
C C++ Training in Chennai
Nice post. Thanks for sharing.
ReplyDeleteSpoken English Classes in Chennai Anna Nagar
Spoken English Class in Porur
Spoken English Class in Vadapalani
Spoken English Class in Thiruvanmiyur
Spoken English Class in Chennai
Best English Speaking Classes in Mumbai
English Speaking Course in Mumbai
IELTS Training in Chennai
IELTS Coaching in Chennai
IELTS Mumbai
The article is so informative. This is more helpful for our
ReplyDeletemagento training course in chennai
magento training institute in chennai
magento 2 training in chennai
magento development training
magento 2 course
magento developer training
Thanks for sharing.
Thanks for sharing an informative blog keep rocking bring more details.I like the helpful info you provide in your articles. I’ll bookmark your weblog and check again here regularly. I am quite sure I will learn much new stuff right here! Good luck for the next!
ReplyDeleteWeb Designing Training Institute in Chennai | web design training class in chennai | web designing course in chennai with placement
Mobile Application Development Courses in chennai
Data Science Training in Chennai | Data Science courses in Chennai
Professional packers and movers in chennai | PDY Packers | Household Goods Shifting
Web Designing Training Institute in Chennai | Web Designing courses in Chennai
Google ads services | Google Ads Management agency
Web Designing Course in Chennai | Web Designing Training in Chennai
I have been reading for the past two days about your blogs and topics, still on fetching! Wondering about your words on each line was massively effective.... Candidates can check their result easily within few seconds through this page when the officials release Sarkari result. On our webpage, we are providing all the State Government/ Central Government/ PSC/ Entrance Exam Results
ReplyDeleteThanks for sharing the information... You write very interesting and well... Get Chandigarh escort service
ReplyDeleteReach on http://www.dreamnightcallgirls.com
Chandigarh escort
Chandigarh call girls
Mua vé máy bay tại Aivivu, tham khảo
ReplyDeleteVé máy bay đi Mỹ
vé máy bay đà nẵng về sài gòn
vé máy bay từ tphcm ra hà nội
vé máy bay sài gòn đà lạt pacific airlines
gia ve may bay tphcm di quy nhon
xe taxi sân bay nội bài
combo hà nội đà lạt
This article will outline all the different strategies you should be aware of when it comes to soccer.
ReplyDeleteBest IAS Coaching in India
Escort Service In Gurgaon - Our call girls agency is ready to meet your all needs. They are enjoying most seductive female call Girls from different parts of the World. Have you ever date any female in your life? If no then you do not know the real taste of dating fun with a call girl. Then our Gurgaon Escorts service will help you to tackle your dreams with one of the independent female escort agencies.
ReplyDeleteEscort Service In Gurgaon
https://www.kajalvermas.com/escort-service-in-gurgaon/
Thanks for sharing a good article with us. It is very helpful to us, if you want to know more about accounting software our website is helpful to you...
ReplyDeleteAccounting Software Singapore
PSG Grant Accounting Software
E invoicing Singapore
https://www.sharmaacademy.com/mppsc-notes.php
ReplyDeleteSharma Academy is Central Indias largest provider of Mppsc Notes and Mppsc Study Material. You will get updated MPPSC Notes as per the latest syllabus of state level psc exam in Hindi and English medium both.
This comment has been removed by the author.
ReplyDeleteAaj mein aap ko time badhane wale condom kaun se hain unke baare mein bataunga aur kese aap condom ki help se long time tak apne sex ko enjoy kare sakte hain
ReplyDelete