Dear All,
I've successfully imported an X509 certificate and associated private key to the "Microsoft Enhanced RSA and AES Cryptographic Provider" CSP. If I dump the key I see that the key is correctly imported and I'm able to use it:
certutil -user -store My
================ Certificate 1 ================
Serial Number: b66bcf8395472500
Issuer: CN=Test Root, O=Third-party CA, C=BE
NotBefore: 14/09/2013 13:21
NotAfter: 1/12/2021 13:21
Subject: CN=SP-all, O=Test SP, C=BE
Non-root Certificate
Cert Hash(sha1): ce de 01 ff a6 93 8a 56……………………………………
Key Container = SP-all-b9a6e534-704d-4bc1-b6aa-123456789abc
Provider = Microsoft Enhanced RSA and AES Cryptographic Provider
Encryption test passed
Using .NET Framework 4.5 I've observed the following behavior:
If I use the private key directly using code similar to:
CspParameters cspparams = new CspParameters(24, "Microsoft Enhanced RSA and AES Cryptographic Provider", "SP-all-f4453b29-b993-4827-99b0-123456789abc"); // 24 = PROV_RSA_AES
RSACryptoServiceProvider rsacsp = new RSACryptoServiceProvider(cspparams);
rsacsp.Encrypt(arrayToEncrypt, false); // false = PKCS#1 v1.5 padding
All is OK.
Now, if I’m getting the certificate from the My store and trying to sign using the private key, I get an exception:
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection coll = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, true);
X509Certificate2 cert = coll[0]; // first (only) match for the thumbprint
RSACryptoServiceProvider rsacsp = (RSACryptoServiceProvider)cert.PrivateKey; // the exception is thrown here
rsacsp.Encrypt(arrayToEncrypt, false);
I'm getting an exception when using cert.PrivateKey: “System.Security.Cryptography.CryptographicException: Provider type does not match registered value.”
Apparently the X509Certificate2 class isn’t able to correctly instantiate the associated private key when the key is in the "Microsoft Enhanced RSA and AES Cryptographic Provider" CSP.
Have you seen a way to use a certificate and its associated private key when the key is stored in that specific CSP?
KR,
oblabla
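
The exception text refers to a provider type that differs from the registered value. The C# program below is an added example, not part of the original post: it reads the key provider information stored with the certificate without touching cert.PrivateKey and prints its provider type next to the type registered for that provider name. The class name and the command-line thumbprint argument are assumptions.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Win32;

static class KeyProvInfoCheck // hypothetical name, added example
{
    const uint CERT_KEY_PROV_INFO_PROP_ID = 2;
    const string ProvidersKey = @"SOFTWARE\Microsoft\Cryptography\Defaults\Provider\";

    [StructLayout(LayoutKind.Sequential)]
    struct CRYPT_KEY_PROV_INFO
    {
        [MarshalAs(UnmanagedType.LPWStr)] public string ContainerName;
        [MarshalAs(UnmanagedType.LPWStr)] public string ProvName;
        public uint ProvType;   // the post passes 24 (PROV_RSA_AES) to CspParameters
        public uint Flags;
        public uint ProvParamCount;
        public IntPtr ProvParams;
        public uint KeySpec;
    }

    [DllImport("crypt32.dll", SetLastError = true)]
    static extern bool CertGetCertificateContextProperty(
        IntPtr pCertContext, uint dwPropId, IntPtr pvData, ref uint pcbData);

    static void Main(string[] args)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, args[0], false);
        store.Close();
        if (found.Count == 0) { Console.WriteLine("certificate not found"); return; }

        uint size = 0; // first call returns the required buffer size
        if (!CertGetCertificateContextProperty(found[0].Handle, CERT_KEY_PROV_INFO_PROP_ID, IntPtr.Zero, ref size))
        { Console.WriteLine("no key provider info stored with this certificate"); return; }
        IntPtr buf = Marshal.AllocHGlobal((int)size);
        try
        {
            CertGetCertificateContextProperty(found[0].Handle, CERT_KEY_PROV_INFO_PROP_ID, buf, ref size);
            var info = (CRYPT_KEY_PROV_INFO)Marshal.PtrToStructure(buf, typeof(CRYPT_KEY_PROV_INFO));
            using (var key = Registry.LocalMachine.OpenSubKey(ProvidersKey + info.ProvName))
            {
                object registered = key == null ? null : key.GetValue("Type");
                Console.WriteLine("container={0} provider={1}", info.ContainerName, info.ProvName);
                Console.WriteLine("type stored with certificate={0}, type registered for provider={1}",
                    info.ProvType, registered ?? "(provider not registered)");
            }
        }
        finally { Marshal.FreeHGlobal(buf); }
    }
}
```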