Decrypt my World : CryptoAPI

"Invalid provider type specified" error when accessing X509Certificate2.PrivateKey on CNG certificates

alejacma — Tue, 22 Dec 2009 09:58:00 GMT

Hi all,

You may get the following exception when trying to access X509Certificate2.PrivateKey on a .NET 3.5 (or older) app:

"
System.Security.Cryptography.CryptographicException: Invalid provider type specified.

at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
"

When this happened to me, I used my CryptoAPI Tracer on the problematic app to find out which CryptoAPI was failing and causing that exception. This was the one:

"
CryptAcquireContextA (0x448)

IN
pszContainer
0078a948 "anycontainername"

pszProvider
00773fb8 "Microsoft Software Key Storage P"
00773fd8 "rovider"

dwProvType
0

dwFlags
0

OUT
hProv
NULL

RESULT
CryptAcquireContextA (0x448) FAILED
LastErrorValue: (HRESULT) 0x80090014 (2148073492) - Invalid provider type specified.
LastStatusValue: (NTSTATUS) 0 - STATUS_WAIT_0
"

So the certificate I was using was associated to Microsoft Software Key Storage Provider, which is not a CSP but a KSP:

CNG Key Storage Providers
"
Unlike Cryptography API (CryptoAPI), Cryptography API: Next Generation (CNG) separates cryptographic providers from key storage providers (KSPs). KSPs can be used to create, delete, export, import, open and store keys. Depending on implementation, they can also be used for asymmetric encryption, secret agreement, and signing. Microsoft installs the following KSPs beginning with Windows Vista and Windows Server 2008.
"

This is a CNG certificate! This is what CertUtil.exe returns on the private key of that certificate:

"
Key Container = ...
Unique container name: ...
Provider = Microsoft Software Key Storage Provider
Private key is NOT exportable
Encryption test passed
"

So certutil.exe knows how to deal with this kind of CNG certificates. I used my CryptoAPI Tracer on CertUtil, and this tool is using CryptAcquireCertificatePrivateKey instead of CryptAcquireContext to access the keys of the cert. CryptAcquireCertificatePrivateKey has specific flags to deal with CNG:

CryptAcquireCertificatePrivateKey Function
"
CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG
This function will attempt to obtain the key by using CryptoAPI. If that fails, this function will attempt to obtain the key by using the Cryptography API: Next Generation (CNG).
The pdwKeySpec variable receives the CERT_NCRYPT_KEY_SPEC flag if CNG is used to obtain the key.
...
pdwKeySpec [out]
CERT_NCRYPT_KEY_SPEC
The key is a CNG key.
"

.NET is not CNG aware yet (at least up to version 3.5 SP1). It uses CryptAcquireContext instead of CryptAcquireCertificatePrivateKey and CryptAcquireContext has no flags to deal with CNG.

A possible workaround to this may be to use CryptoAPI/CNG API directly to deal with CNG keys. That is what certutil.exe does. But if we want an easier and pure .NET solution which understands CNG, this will help to implement it:

CLR Security
"
Security.Cryptography.dll provides a new set of algorithm implementations to augment the built in .NET framework supported algorithms. It also provides some APIs to extend the existing framework cryptography APIs. Within this project you will find:
§ A CNG implementation of the AES, RSA, and TripleDES encryption algorithms
§ A CNG implementation of a random number generator
§ A class that allows dynamically creating algorithms both from this library as well as all of the algorithms that ship with .NET 3.5
§ An enumerator over all of the installed CNG providers on the current machine
§ Extension methods that allow access to all of the keys installed in a CNG provider, as well as all of the algorithms the provider supports
"

If you want to use CNG with this dll, you have to do the following:

1) Change .NET version to 3.5. As far as I know the dll requires us to move at least to that version.

2) Reference Security.Cryptography.dll in your project.

3) Include "using Security.Cryptography.X509Certificates;" statement (in C#, of course) to activate CNG extensions for standard X509Certificate2 class.

Then you may check whether the cert has a CNG key using the extension .HasCngKey() for X509Certificate2. If you have a CNG key, you can then instantiate an RSACng object using the extension .GetCngPrivateKey() for X509Certificate2. You can then i.e. decrypt with RSACng.DecryptValue().

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

Access Violation exception when loading a certificate in .NET (Windows Server 2003)

alejacma — Thu, 12 Nov 2009 15:32:00 GMT

Hi all

You may get an Access Violation exception when loading a certificate into a X509Certificate2 object, only after installing KB 938397 hotfix (crypt32.dll v5.131.3790.4095) at Applications that use the Cryptography API cannot validate an X.509 certificate in Windows Server 2003.

Note that the issue won't happen with Windows Server 2003 SP2 version of crypt32.dll (v5.131.3790.3959).

Note that the issue only happens with Base64 encoded certificate files. DER encoded certificate files work just fine.

The good news is that a newer hotfix, KB 950474, installs a newer version of crypt32.dll that fixes the issue: v5.131.3790.4271. You can get it here: Error message when you run the SharePoint Products and Technologies Configuration Wizard on a Windows Server 2003-based computer: "Application has generated an exception that could not be handled".

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

PS: What are you still doing with Windows Server 2003? Have you tried the new Windows Server 2008 R2? IT JUST ROCKS!!!!

Working with CNG in .NET 3.5

alejacma — Wed, 14 Oct 2009 10:37:00 GMT

Hi all,

Do you want to work with CNG and .NET 3.5 and don't want to P/Invoke into CryptoAPI & CNG API? Check out Security.Cryptography.dll library at CLR Security:

"
Security.Cryptography.dll provides a new set of algorithm implementations to augment the built in .NET framework supported algorithms. It also provides some APIs to extend the existing framework cryptography APIs. Within this project you will find:
§ A CNG implementation of the AES, RSA, and TripleDES encryption algorithms
§ A CNG implementation of a random number generator
§ A class that allows dynamically creating algorithms both from this library as well as all of the algorithms that ship with .NET 3.5
§ An enumerator over all of the installed CNG providers on the current machine
§ Extension methods that allow access to all of the keys installed in a CNG provider, as well as all of the algorithms the provider supports
"

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

CryptographicException: The data to be decrypted exceeds the maximum for this modulus of 0 bytes

alejacma — Fri, 09 Oct 2009 14:06:00 GMT

Hi all,

Some time ago a customer of mine was getting the following CryptographicException when calling EncryptedXml.DecryptDocument method to decrypt an XmlDocument in their .NET app:

[System.Security.Cryptography.CryptographicException] = {"The data to be decrypted exceeds the maximum for this modulus of 0 bytes"}
_HResult = -2146233296
_HResult = 0x80131430
No Inner Exception

This was only happening with a smart card certificate associated to a specific third-party CSP (non-MS).

In order to troubleshoot this, I used my CryptoAPI Tracer script to get some traces while reproducing the issue. Thanks to my script I could see these calls that .NET is making to the third-party CSP behind the scenes (I will omit key container and CSP names as they are not needed to understand the issue):

>>>>>>>>>>>>>>>>>>>>>>

CryptAcquireContextA (0x570)

IN
pszContainer
001bf1a0 "Cert Container Name"

pszProvider
001b4698 "Third-party CSP"

dwProvType
PROV_RSA_FULL

dwFlags
0

OUT
hProv
0x1bea28

RESULT
CryptAcquireContextA (0x570) SUCCEEDED

<<<<<<<<<<<<<<<<<<<<<<

>>>>>>>>>>>>>>>>>>>>>>

CryptGetUserKey (0x570)

IN
hProv
0x1bea28

dwKeySpec
AT_KEYEXCHANGE

OUT
hUserKey
0x1bf1a0

RESULT
CryptGetUserKey (0x570) SUCCEEDED

<<<<<<<<<<<<<<<<<<<<<<

>>>>>>>>>>>>>>>>>>>>>>

CryptGetKeyParam (0x570)

IN
hKey
0x1bf1a0

dwParam
KP_ALGID

pbData
NULL

dwDataLen
0

dwFlags
0

OUT
dwDataLen
4

RESULT
CryptGetKeyParam (0x570) SUCCEEDED

<<<<<<<<<<<<<<<<<<<<<<

>>>>>>>>>>>>>>>>>>>>>>

CryptGetKeyParam (0x570)

IN
hKey
0x1bf1a0

dwParam
KP_ALGID

pbData
0x1bd228

dwDataLen
4

dwFlags
0

OUT
bData
001bd228 0000a400

dwDataLen
4

RESULT
CryptGetKeyParam (0x570) SUCCEEDED

<<<<<<<<<<<<<<<<<<<<<<

>>>>>>>>>>>>>>>>>>>>>>

CryptGetKeyParam (0x570)

IN
hKey
0x1bf1a0

dwParam
KP_KEYLEN

pbData
NULL

dwDataLen
0

dwFlags
0

OUT
dwDataLen
4

RESULT
CryptGetKeyParam (0x570) SUCCEEDED

<<<<<<<<<<<<<<<<<<<<<<

>>>>>>>>>>>>>>>>>>>>>>

CryptGetKeyParam (0x570)

IN
hKey
0x1bf1a0

dwParam
KP_KEYLEN

pbData
0x1bd228

dwDataLen
4

dwFlags
0

OUT
bData
001bd228 00000000

dwDataLen
4

RESULT
CryptGetKeyParam (0x570) SUCCEEDED

<<<<<<<<<<<<<<<<<<<<<<

These calls mean the following: before .NET tries to decrypt the XML, it asks the CSP for some information on the key it will use to decrypt, like its length (CryptGetKeyParam API with KP_KEYLEN flag). For some unknown reason the third-party CSP is returning a length of 0 for the key (pbData points to 0), which is invalid, thus .NET won't continue with the decryption and will raise the exception we've seen. Why is the CSP returning an invalid length? Only the CSP developers can answer that question.

In my customer's particular case, the CSP developers quickly localized and fixed the issue.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

X509Certificate creates temporary files which are never deleted

alejacma — Wed, 30 Sep 2009 11:52:00 GMT

Hi all,

When creating an X509Certificate object in your .NET application ("X509Certificate cert = new X509Certificate(certBytes);") you may see that two 0kb files are created in the Temp folder of your Windows Server 2003, and are never deleted. After creating many of those objects the Temp folder fills up and the app won't function properly.

The cause of this issue is the following bug:

On a Windows Server 2003-based client computer, the system does not delete a temporary file that is created when an application calls the "CryptQueryObject" function

X509Certificate class uses CryptQueryObject API behind the scenes. Fortunatelly there is a fix for this referenced on the link above.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

How to timestamp Authenticode signatures when our proxy requires authentication

alejacma — Tue, 29 Sep 2009 13:47:00 GMT

Hi all,

The other day a customer of mine was trying to add an Authenticode signature with timestamp to their PowerShell scripts with PowerShell itself and its Set-AuthenticodeSignature cmdlet. He was able to sign the scripts just fine, but when using the timestamp option the cmdlet was not honoring Internet Explorer Proxy settings and the timestamping process failed.

If you have never seen how to add such a signature with PowerShell, check the following sample:

First we can create a test certificate in i.e. a cmd.exe:

c:\>makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
c:\>makecert -pe -n "CN=Powershell User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer

Then we can create a signature with timestamp in PowerShell:

C:\PS>$cert=Get-ChildItem -Path cert:\CurrentUser\my -CodeSigningCert
C:\PS>Set-AuthenticodeSignature -filepath c:\notepad.exe -certificate $cert -IncludeChain All -TimeStampServer "http://timestamp.globalsign.com/scripts/timstamp.dll"

Additionally, remember that we have several other ways to do Authenticode signing as I already commented here:

How to sign EXE files with an Authenticode certificate (VB.NET)

How to sign EXE files with an Authenticode certificate (part 2)

So my customer tried to use signtool.exe instead, with the same results: IE proxy settings are not getting used at all and they get an error like the following:

C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin>signtool timestamp /v /t http://timestamp.globalsign.com/scripts/timstamp.dll c:\notepad.exe

Timestamping: c:\notepad.exe
SignTool Error: The specified timestamp server could not be reached.
SignTool Error: An error occurred while attempting to timestamp: c:\notepad.exe

Number of files successfully timestamped: 0
Number of errors: 1

Note that if we open Internet Explorer and enter http://timestamp.globalsign.com/scripts/timstamp.dll into the address bar, IE presents the credentials dialog box to send to the proxy and we can access the timestamp server without problems.

The cause of this issue is the following:

All signing methods we saw in my previous posts (SignTool, CAPICOM, etc.) end up using SignerSignEx API to sign, and SignerTimeStampEx API to timestamp the signature. The same applies to PowerShell's Set-AuthenticodeSignature cmdlet.

SignerTimeStampEx will connect to the remote timestamp server in a very simple way, without using any proxy info or user credentials. And this is not configurable in any way.

So I'm afraid all signing methods we have at our disposal suffer from this limitation in the API.

In order to timestamp code, it is necessary to have unrestricted access to the Internet.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

How to get information from a CRL (.NET)

alejacma — Wed, 01 Apr 2009 12:00:00 GMT

Hi all,

The following C# sample uses CryptoAPI to read the info of a CRL (Certificate Revocation List) stored in a file:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Runtime.InteropServices;

namespace GetCRLInfo
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void getInfoButton_Click(object sender, EventArgs e)
        {
            // Variables
            //
            Boolean bResult = false;
            IntPtr pvContext = IntPtr.Zero;
            Win32.CRL_CONTEXT CRLContext;
            Win32.CRL_INFO CRLInfo;
            Int32 csz = 0;
            StringBuilder psz = null;
            IntPtr rgCRLEntry = IntPtr.Zero;
            Win32.CRL_ENTRY CRLEntry;
            String strSerialNumber = "";
            IntPtr pByte = IntPtr.Zero;
            Byte bByte = 0;
            IntPtr rgExtension = IntPtr.Zero;
            Win32.CERT_EXTENSION CRLExtension;
            Int32 cbFormat = 0;
            StringBuilder pbFormat = null;
            String strCRLReasonCode = "";
            
            // Clean screen
            //
            issuerTextBox.Text = "";
            revocationListBox.Items.Clear();

            try
            {
                // Get CRL context
                //
                bResult = Win32.CryptQueryObject(
                    Win32.CERT_QUERY_OBJECT_FILE,
                    fileTextBox.Text,
                    Win32.CERT_QUERY_CONTENT_FLAG_CRL,
                    Win32.CERT_QUERY_FORMAT_FLAG_BINARY,
                    0,
                    IntPtr.Zero,
                    IntPtr.Zero,
                    IntPtr.Zero,
                    IntPtr.Zero,
                    IntPtr.Zero,
                    ref pvContext
                );
                if (!bResult)
                {
                    throw new Exception("CryptQueryObject error #" + Marshal.GetLastWin32Error());
                }

                CRLContext = (Win32.CRL_CONTEXT)Marshal.PtrToStructure(pvContext, typeof(Win32.CRL_CONTEXT));

                // Get CRL info
                //
                CRLInfo = (Win32.CRL_INFO)Marshal.PtrToStructure(CRLContext.pCrlInfo, typeof(Win32.CRL_INFO));

                // Get CRL issuer
                //
                csz = Win32.CertNameToStr(
                    Win32.X509_ASN_ENCODING | Win32.PKCS_7_ASN_ENCODING,
                    ref CRLInfo.Issuer,
                    Win32.CERT_X500_NAME_STR,
                    null,
                    0
                );
                if (csz <= 0)
                {
                    throw new Exception("CertNameToStr error #" + Marshal.GetLastWin32Error());
                }

                psz = new StringBuilder(csz);

                csz = Win32.CertNameToStr(
                    Win32.X509_ASN_ENCODING | Win32.PKCS_7_ASN_ENCODING,
                    ref CRLInfo.Issuer,
                    Win32.CERT_X500_NAME_STR,
                    psz,
                    csz
                );
                if (csz <= 0)
                {
                    throw new Exception("CertNameToStr error #" + Marshal.GetLastWin32Error());
                }

                // Show CRL issuer
                //
                issuerTextBox.Text = psz.ToString();

                // Get revocation list
                //
                rgCRLEntry = CRLInfo.rgCRLEntry;
                for (int i = 0; i < CRLInfo.cCRLEntry; i++)
                {
                    // Get the serial number of one revoked certificate
                    //
                    strSerialNumber = "";

                    CRLEntry = (Win32.CRL_ENTRY)Marshal.PtrToStructure(rgCRLEntry, typeof(Win32.CRL_ENTRY));

                    pByte = CRLEntry.SerialNumber.pbData;
                    for (int j = 0; j < CRLEntry.SerialNumber.cbData; j++)
                    {
                        bByte = Marshal.ReadByte(pByte);
                        strSerialNumber = bByte.ToString("X").PadLeft(2, '0') + " " + strSerialNumber;
                        pByte = (IntPtr)((Int32)pByte + Marshal.SizeOf(typeof(Byte)));
                    }

                    // Get the CRL Reason Code of that revoked certificate
                    //
                    strCRLReasonCode = "";

                    rgExtension = Win32.CertFindExtension(
                        Win32.szOID_CRL_REASON_CODE,
                        CRLEntry.cExtension,
                        CRLEntry.rgExtension
                    );
                    if (rgExtension.Equals(IntPtr.Zero))
                    {
                        throw new Exception("CertFindExtension found no CRL Reason Code");
                    }
                    
                    CRLExtension = (Win32.CERT_EXTENSION)Marshal.PtrToStructure(rgExtension, typeof(Win32.CERT_EXTENSION));

                    // Format that CRL Reason Code so we can show it
                    //
                    cbFormat = 0;
                    pbFormat = null;
                    bResult = Win32.CryptFormatObject(
                        Win32.X509_ASN_ENCODING,
                        0,
                        0,
                        IntPtr.Zero,
                        Win32.szOID_CRL_REASON_CODE,
                        CRLExtension.Value.pbData,
                        CRLExtension.Value.cbData,
                        null,
                        ref cbFormat
                    );
                    if (!bResult)
                    {
                        throw new Exception("CryptFormatObject error #" + Marshal.GetLastWin32Error());
                    }

                    pbFormat = new StringBuilder(cbFormat);

                    bResult = Win32.CryptFormatObject(
                        Win32.X509_ASN_ENCODING,
                        0,
                        0,
                        IntPtr.Zero,
                        Win32.szOID_CRL_REASON_CODE,
                        CRLExtension.Value.pbData,
                        CRLExtension.Value.cbData,
                        pbFormat,
                        ref cbFormat
                    );
                    if (!bResult)
                    {
                        throw new Exception("CryptFormatObject error #" + Marshal.GetLastWin32Error());
                    }

                    strCRLReasonCode = pbFormat.ToString();

                    // Show Serial Number and CRL Reason Code
                    //
                    revocationListBox.Items.Add(strSerialNumber + "\t-->\t" + strCRLReasonCode);

                    // Continue with the next entry in the list
                    //
                    rgCRLEntry = (IntPtr)((Int32)rgCRLEntry + Marshal.SizeOf(typeof(Win32.CRL_ENTRY)));
                }
            }
            catch (Exception ex)
            {
                // Show errors
                //
                MessageBox.Show(ex.Message);
            }
            finally
            {
                // Do some clean up
                //
                if (!pvContext.Equals(IntPtr.Zero))
                {
                    Win32.CertFreeCRLContext(pvContext);
                }
            }
        }
    }
}

public class Win32
{
    #region APIs

    [DllImport("CRYPT32.DLL", EntryPoint = "CryptQueryObject", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern Boolean CryptQueryObject(
        Int32 dwObjectType,
        [MarshalAs(UnmanagedType.LPWStr)]String pvObject,
        Int32 dwExpectedContentTypeFlags,
        Int32 dwExpectedFormatTypeFlags,
        Int32 dwFlags,
        IntPtr pdwMsgAndCertEncodingType,
        IntPtr pdwContentType,
        IntPtr pdwFormatType,
        IntPtr phCertStore,
        IntPtr phMsg,
        ref IntPtr ppvContext
        );

    [DllImport("CRYPT32.DLL", EntryPoint = "CertFreeCRLContext", SetLastError = true)]
    public static extern Boolean CertFreeCRLContext(
        IntPtr pCrlContext
    );

    [DllImport("CRYPT32.DLL", EntryPoint = "CertNameToStr", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern Int32 CertNameToStr(
        Int32 dwCertEncodingType,
        ref CRYPTOAPI_BLOB pName,
        Int32 dwStrType,
        StringBuilder psz,
        Int32 csz
    );

    [DllImport("CRYPT32.DLL", EntryPoint = "CertFindExtension", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern IntPtr CertFindExtension(
        [MarshalAs(UnmanagedType.LPStr)]String pszObjId,
        Int32 cExtensions,
        IntPtr rgExtensions
    );

    [DllImport("CRYPT32.DLL", EntryPoint = "CryptFormatObject", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern Boolean CryptFormatObject(
        Int32 dwCertEncodingType,
        Int32 dwFormatType,
        Int32 dwFormatStrType,
        IntPtr pFormatStruct,
        [MarshalAs(UnmanagedType.LPStr)]String lpszStructType,
        IntPtr pbEncoded,
        Int32 cbEncoded,
        StringBuilder pbFormat,
        ref Int32 pcbFormat
    );

    #endregion APIs

    #region Structs

    [StructLayout(LayoutKind.Sequential)]
    public struct CRL_CONTEXT
    {
        public Int32 dwCertEncodingType;
        public IntPtr pbCrlEncoded;
        public Int32 cbCrlEncoded;
        public IntPtr pCrlInfo;
        public IntPtr hCertStore;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct CRL_INFO
    {
        public Int32 dwVersion;
        public CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
        public CRYPTOAPI_BLOB Issuer;
        public FILETIME ThisUpdate;
        public FILETIME NextUpdate;
        public Int32 cCRLEntry;
        public IntPtr rgCRLEntry;
        public Int32 cExtension;
        public IntPtr rgExtension;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct CRYPT_ALGORITHM_IDENTIFIER
    {
        [MarshalAs(UnmanagedType.LPStr)]public String pszObjId;
        public CRYPTOAPI_BLOB Parameters;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct CRYPTOAPI_BLOB
    {
        public Int32 cbData;
        public IntPtr pbData;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct FILETIME
    {
        public Int32 dwLowDateTime;
        public Int32 dwHighDateTime;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct CRL_ENTRY
    {
        public CRYPTOAPI_BLOB SerialNumber;
        public FILETIME RevocationDate;
        public Int32 cExtension;
        public IntPtr rgExtension;
    }

    [StructLayout(LayoutKind.Sequential)]
    public struct CERT_EXTENSION
    {
        [MarshalAs(UnmanagedType.LPStr)]public String pszObjId;
        public Boolean fCritical;
        public CRYPTOAPI_BLOB Value;
    }

    #endregion Structs

    #region Consts

    public const Int32 CERT_QUERY_OBJECT_FILE = 0x00000001;
    public const Int32 CERT_QUERY_CONTENT_CRL = 3;
    public const Int32 CERT_QUERY_CONTENT_FLAG_CRL = 1 << CERT_QUERY_CONTENT_CRL;
    public const Int32 CERT_QUERY_FORMAT_BINARY = 1;
    public const Int32 CERT_QUERY_FORMAT_BASE64_ENCODED = 2;
    public const Int32 CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED = 3;
    public const Int32 CERT_QUERY_FORMAT_FLAG_BINARY = 1 << CERT_QUERY_FORMAT_BINARY;
    public const Int32 CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED = 1 << CERT_QUERY_FORMAT_BASE64_ENCODED;
    public const Int32 CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED = 1 << CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED;
    public const Int32 CERT_QUERY_FORMAT_FLAG_ALL = CERT_QUERY_FORMAT_FLAG_BINARY | CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED | CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED;

    public const Int32 X509_ASN_ENCODING = 0x00000001;
    public const Int32 PKCS_7_ASN_ENCODING = 0x00010000;

    public const Int32 X509_NAME = 7;

    public const Int32 CERT_SIMPLE_NAME_STR = 1;
    public const Int32 CERT_OID_NAME_STR = 2;
    public const Int32 CERT_X500_NAME_STR = 3;

    public const String szOID_CRL_REASON_CODE = "2.5.29.21";

    #endregion
}

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

How to create a self-signed certificate with CryptoAPI (C++)

alejacma — Mon, 16 Mar 2009 15:36:00 GMT

Hi all,

The following C++ sample shows how to use CertCreateSelfSignCertificate API to create a self-signed certificate. The private/public key pair will be created in the machine profile and the certificate will be stored in the Trusted Root CA store of that same profile:

#include "stdio.h"
#include "conio.h"
#include "windows.h"
#include "wincrypt.h"
#include "tchar.h"

int SelfSignedCertificateTest()
{
  // CREATE KEY PAIR FOR SELF-SIGNED CERTIFICATE IN MACHINE PROFILE

  HCRYPTPROV hCryptProv = NULL;
  HCRYPTKEY hKey = NULL;

  __try 
  {
    // Acquire key container
    _tprintf(_T("CryptAcquireContext... "));
    if (!CryptAcquireContext(&hCryptProv, _T("alejacma"), NULL, PROV_RSA_FULL, CRYPT_MACHINE_KEYSET)) 
    {
      // Error
      _tprintf(_T("Error 0x%x\n"), GetLastError());

      // Try to create a new key container
      _tprintf(_T("CryptAcquireContext... "));
      if (!CryptAcquireContext(&hCryptProv, _T("alejacma"), NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET))
      {
        // Error
        _tprintf(_T("Error 0x%x\n"), GetLastError());
        return 0;
      }
      else 
      {
        _tprintf(_T("Success\n"));
      }
    }
    else
    {
      _tprintf(_T("Success\n"));
    }

    // Generate new key pair
    _tprintf(_T("CryptGenKey... "));
    if (!CryptGenKey(hCryptProv, AT_SIGNATURE, 0x08000000 /*RSA-2048-BIT_KEY*/, &hKey))
    {
      // Error
      _tprintf(_T("Error 0x%x\n"), GetLastError());
      return 0;
    }
    else
    {
      _tprintf(_T("Success\n"));
    }
  }
  __finally
  {
    // Clean up  
     
    if (hKey) 
    {
      _tprintf(_T("CryptDestroyKey... "));
      CryptDestroyKey(hKey);
      _tprintf(_T("Success\n"));
    } 
    if (hCryptProv) 
    {
      _tprintf(_T("CryptReleaseContext... "));
      CryptReleaseContext(hCryptProv, 0);
      _tprintf(_T("Success\n"));
    }
  }

  // CREATE SELF-SIGNED CERTIFICATE AND ADD IT TO ROOT STORE IN MACHINE PROFILE

  PCCERT_CONTEXT pCertContext = NULL;
  BYTE *pbEncoded = NULL;
  HCERTSTORE hStore = NULL;
  HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey = NULL;
  BOOL fCallerFreeProvOrNCryptKey = FALSE;

  __try 
  {             
    // Encode certificate Subject
    LPCTSTR pszX500 = _T("CN=Alejacma, T=Test");
    DWORD cbEncoded = 0;
    _tprintf(_T("CertStrToName... "));
    if (!CertStrToName(X509_ASN_ENCODING, pszX500, CERT_X500_NAME_STR, NULL, pbEncoded, &cbEncoded, NULL))
    {
      // Error
      _tprintf(_T("Error 0x%x\n"), GetLastError());
      return 0;
    }
    else
    {
      _tprintf(_T("Success\n"));
    }

    _tprintf(_T("malloc... "));
    if (!(pbEncoded = (BYTE *)malloc(cbEncoded)))
    {
      // Error
      _tprintf(_T("Error 0x%x\n"), GetLastError());
      return 0;
    }
    else
    {
      _tprintf(_T("Success\n"));
    }

    _tprintf(_T("CertStrToName... "));
    if (!CertStrToName(X509_ASN_ENCODING, pszX500, CERT_X500_NAME_STR, NULL, pbEncoded, &cbEncoded, NULL))
    {
      // Error
      _tprintf(_T("Error 0x%x\n"), GetLastError());
      return 0;
    }
    else
    {
      _tprintf(_T("Success\n"));
    }

    // Prepare certificate Subject for self-signed certificate
    CERT_NAME_BLOB SubjectIssuerBlob;
    memset(&SubjectIssuerBlob, 0, sizeof(SubjectIssuerBlob));
    SubjectIssuerBlob.cbData = cbEncoded;
    SubjectIssuerBlob.pbData = pbEncoded;

    // Prepare key provider structure for self-signed certificate
    CRYPT_KEY_PROV_INFO KeyProvInfo;
    memset(&KeyProvInfo, 0, sizeof(KeyProvInfo));
    KeyProvInfo.pwszContainerName = _T("alejacma");
    KeyProvInfo.pwszProvName = NULL;
    KeyProvInfo.dwProvType = PROV_RSA_FULL;
    KeyProvInfo.dwFlags = CRYPT_MACHINE_KEYSET;
    KeyProvInfo.cProvParam = 0;
    KeyProvInfo.rgProvParam = NULL;
    KeyProvInfo.dwKeySpec = AT_SIGNATURE;

    // Prepare algorithm structure for self-signed certificate
    CRYPT_ALGORITHM_IDENTIFIER SignatureAlgorithm;
    memset(&SignatureAlgorithm, 0, sizeof(SignatureAlgorithm));
    SignatureAlgorithm.pszObjId = szOID_RSA_SHA1RSA;

    // Prepare Expiration date for self-signed certificate
    SYSTEMTIME EndTime;
    GetSystemTime(&EndTime);
    EndTime.wYear += 5;

    // Create self-signed certificate
    _tprintf(_T("CertCreateSelfSignCertificate... "));
    pCertContext = CertCreateSelfSignCertificate(NULL, &SubjectIssuerBlob, 0, &KeyProvInfo, &SignatureAlgorithm, 0, &EndTime, 0);
    if (!pCertContext)
    {
      // Error
      _tprintf(_T("Error 0x%x\n"), GetLastError());
      return 0;
    }
    else
    {
      _tprintf(_T("Success\n"));
    }

    // Open Root cert store in machine profile
    _tprintf(_T("CertOpenStore... "));
    hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, L"Root");
    if (!hStore)
    {
      // Error
      _tprintf(_T("Error 0x%x\n"), GetLastError());
      return 0;
    }
    else
    {
      _tprintf(_T("Success\n"));
    }

    // Add self-signed cert to the store
    _tprintf(_T("CertAddCertificateContextToStore... "));
    if (!CertAddCertificateContextToStore(hStore, pCertContext, CERT_STORE_ADD_REPLACE_EXISTING, 0))
    {
      // Error
      _tprintf(_T("Error 0x%x\n"), GetLastError());
      return 0;
    }
    else
    {
      _tprintf(_T("Success\n"));
    }

    // Just for testing, verify that we can access self-signed cert's private key
    DWORD dwKeySpec;
    _tprintf(_T("CryptAcquireCertificatePrivateKey... "));
    if (!CryptAcquireCertificatePrivateKey(pCertContext, 0, NULL, &hCryptProvOrNCryptKey, &dwKeySpec, &fCallerFreeProvOrNCryptKey))
    {
      // Error
      _tprintf(_T("Error 0x%x\n"), GetLastError());
      return 0;
    }
    else
    {
      _tprintf(_T("Success\n"));
    }                                           
  }
  __finally
  {
    // Clean up
    
    if (!pbEncoded) {
      _tprintf(_T("free... "));
      free(pbEncoded);
      _tprintf(_T("Success\n"));
    }
    
    if (hCryptProvOrNCryptKey) 
    {
      _tprintf(_T("CryptReleaseContext... "));
      CryptReleaseContext(hCryptProvOrNCryptKey, 0);
      _tprintf(_T("Success\n"));
    }
    
    if (pCertContext)
    {
      _tprintf(_T("CertFreeCertificateContext... "));
      CertFreeCertificateContext(pCertContext);
      _tprintf(_T("Success\n"));
    }
    
    if (hStore)
    {
      _tprintf(_T("CertCloseStore... "));
      CertCloseStore(hStore, 0);
      _tprintf(_T("Success\n"));
    }
  }
}

int _tmain(int argc, _TCHAR* argv[])
{
  SelfSignedCertificateTest();
  
  _tprintf(_T("<< Press any key>>\n"));
  _getch();
  return 0;
}

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

CryptUIDlgViewCertificate installs a CA certificate without my consent

alejacma — Mon, 16 Feb 2009 19:41:00 GMT

Hi all

The other day I posted How to view a certificate programatically (C#) which includes a C# sample that we can use to view a certificate with CryptUIDlgViewCertificate API. This API shows the same dialog that appears when we double-click on the cert file in Explorer.

When testing the sample, I tried it on a .cer file of a root CA which I didn't trust (yet). I just wanted to view the cert, but I got a very big surprise when I realized CryptUIDlgViewCertificate was showing the cert and installing it at the same time on my Trusted Root Certification Authorities store! Without my consent! I always get a big warning when I try to install a root CA cert on my machine. Why not this time? And, in any case, I just wanted to view the cert, and not install it!

Actually, I repeated the test just by double-clicking on the cert file in Explorer and the same thing happened: I saw the dialog with the CA cert and at the same time it got installed without my consent.

It turned out that this is a feature of Windows called Automatic Root Certificates Update. CryptUIDlgViewCertificate ends up calling CertGetCertificateChain API to build a certificate chain, and this API calls an internal AutoUpdate function. If AutoUpdate detects that Microsoft trusts the CA when building the chain, it installs the CA cert automatically.

Event ID 8 - Automatic Root Certificates Update Configuration
"
The Automatic Root Certificates Update component is designed to automatically check the list of trusted authorities on the Microsoft Windows Update Web site. Specifically, there is a list of trusted root certification authorities (CAs) stored on the local computer. When an application is presented with a certificate issued by a CA, it will check the local copy of the trusted root CA list. If the certificate is not in the list, the Automatic Root Certificates Update component will contact the Microsoft Windows Update Web site to see if an update is available. If the CA has been added to the Microsoft list of trusted CAs, its certificate will automatically be added to the trusted certificate store on the computer.
"

In my case, my test CA cert was not on my local copy of the trusted root CA list (Third-Party Root Certification Authorities), but on Microsoft Windows Update Web site. It’s a root CA cert that I got from Spanish Police, and Microsoft trusts them.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

How to view a certificate programatically (C#)

alejacma — Fri, 13 Feb 2009 11:36:00 GMT

Hi all,

The following C# sample shows a dialog to view a certificate and its properties. This is the same dialog that appears when we double-click on the cert file in Explorer. I'll use CryptUIDlgViewCertificate API and its CRYPTUI_VIEWCERTIFICATE_STRUCT structure to achieve this:

...
using System.Security.Cryptography.X509Certificates;
using System.Runtime.InteropServices;

namespace MyNamespace
{
    public partial class MyClass
    {
...
        public const int CRYPTUI_DISABLE_ADDTOSTORE = 0x00000010;

        [DllImport("CryptUI.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public static extern Boolean CryptUIDlgViewCertificate(
            ref CRYPTUI_VIEWCERTIFICATE_STRUCT pCertViewInfo,
            ref bool pfPropertiesChanged
        );

        public struct CRYPTUI_VIEWCERTIFICATE_STRUCT
        {
            public int dwSize;
            public IntPtr hwndParent;
            public int dwFlags;
            [MarshalAs(UnmanagedType.LPWStr)]
            public String szTitle;
            public IntPtr pCertContext;
            public IntPtr rgszPurposes;
            public int cPurposes;
            public IntPtr pCryptProviderData; // or hWVTStateData
            public Boolean fpCryptProviderDataTrustedUsage;
            public int idxSigner;
            public int idxCert;
            public Boolean fCounterSigner;
            public int idxCounterSigner;
            public int cStores;
            public IntPtr rghStores;
            public int cPropSheetPages;
            public IntPtr rgPropSheetPages;
            public int nStartPage;
        }

        private void MySampleFunction()
        {
            // Get the cert
            X509Certificate2 cert = new X509Certificate2(@"C:\temp\mycert.cer");

            // Show the cert
            CRYPTUI_VIEWCERTIFICATE_STRUCT certViewInfo = new CRYPTUI_VIEWCERTIFICATE_STRUCT();
            certViewInfo.dwSize = Marshal.SizeOf(certViewInfo);
            certViewInfo.pCertContext = cert.Handle;
            certViewInfo.szTitle = "Certificate Info";
            certViewInfo.dwFlags = CRYPTUI_DISABLE_ADDTOSTORE;
            certViewInfo.nStartPage = 0;
            bool fPropertiesChanged = false;
            if (!CryptUIDlgViewCertificate(ref certViewInfo, ref fPropertiesChanged))
            {
                int error = Marshal.GetLastWin32Error();
                MessageBox.Show(error.ToString());
            }
        }
    }
}

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

SHA-2 support on Windows XP

alejacma — Fri, 23 Jan 2009 16:12:00 GMT

Hi all,

If you try to use any SHA-2 algorithm (SHA-256, SHA-384 and SHA-512) on Windows XP, you may get the following error when using i.e. CryptCreateHash: NTE_BAD_ALGID or -2146893816 or 0x80090008 or "Invalid algorithm specified". Same algorithms are supported on Vista, though.

Can we use SHA-2 algorithms in Windows XP at all? The answer is yes, but it will depend on the CSP (Cryptographic Service Provider) that we use to perform the cryptographic operations.

According to our documentation, Windows XP SP3 supports all SHA-2 algorithms except SHA-224:

Overview of Windows XP Service Pack 3
"
Implements and supports the SHA2 hashing algorithms (SHA256, SHA384, and SHA512) in X.509 certificate validation. This has been added to the crypto module rsaenh.dll.
"

Our "Microsoft Base/Strong/Enhanced Cryptographic Providers" are implemented on Rsaenh.dll. If you try to use CryptCreateHash with any SHA-2 Algid (CALG_SHA_256, CALG_SHA_384, CALG_SHA_512) and any of these CSP, you will still get a NTE_BAD_ALGID error on XP SP3. Why? The issue is that those Algid's are only valid with providers of type PROV_RSA_AES, and these CSP are of type PROV_RSA_FULL.

"Microsoft Enhanced RSA and AES Cryptographic Provider" (or "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" as it's called on Windows XP SP3) is implemented in rsaenh.dll and is of type PROV_RSA_AES.

Note that technically speaking, Microsoft AES Cryptographic Provider is just Microsoft Enhanced Cryptographic Provider with support for AES encryption algorithms.

If you open regedit.exe and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults, you will be able to see the available Providers in the system ("Microsoft Enhanced Cryptographic Provider v1.0", "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)", etc.) and the Provider Types ("Type 001" which is "RSA Full (Signature and Key Exchange)", "Type 024" which is "RSA Full and AES"). For each Provider you will also see which dll implements (rsaenh.dll, etc.) it and its Provider Type (1, 24, etc.). For each Provider Type you will see the name of the default Provider for that type. On Vista, default Provider for PROV_RSA_AES is "Microsoft Enhanced RSA and AES Cryptographic Provider", and on XP is "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)".

Regarding SHA-224 support, SHA-224 offers less security than SHA-256 but takes the same amount of resources. Also SHA-224 is not generally used by protocols and applications. The NSA's Suite B standards also do not include it. We have no plans to add it on future versions of our CSPs.

Fortunately, Microsoft's CryptoAPI is based on a model which allows us to use any CSP which implements any algorithm. So we don't and won't implement SHA-224 in our own CSPs, but that doesn't mean that we can't use SHA-224 at all on Windows. We just need a third-party CSP which implements it, or create our own.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

CryptSignHash fails with NTE_BAD_KEYSET

alejacma — Tue, 23 Dec 2008 14:39:00 GMT

Hi all,

The other day I worked on the following issue: a customer of mine had developed an ActiveX which they used to sign some data in Internet Explorer. Their signing code was based on CryptoAPI and worked just fine with some certs, but failed with others with a NTE_BAD_KEYSET error.

So we took some traces with my CryptoAPI Tracer script to see which API was returning the error exactly.

This is the API that failed with NTE_BAD_KEYSET error:

CryptSignHashA (0x1f2c)

IN
hHash
0x3346208

dwKeySpec
AT_KEYEXCHANGE

sDescription
NULL

dwFlags
0

pbSignature
NULL

dwSigLen
46500472

OUT
dwSigLen
46500472

RESULT
CryptSignHashA (0x1f2c) FAILED
LastErrorValue: (HRESULT) 0x80090016 (2148073494) -  Keyset does not exist
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found

My post CryptAcquireContext fails with NTE_BAD_KEYSET refers to CryptAcquireContext API, but the causes of the error should be the same: keys don't exist or we have no permissions to access them.

We can see above that we are trying to sign with AT_KEYEXCHANGE keys.

CryptSignHash Function
"
dwKeySpec [in]
Identifies the private key to use from the provider's container. It can be AT_KEYEXCHANGE or AT_SIGNATURE.
The signature algorithm used is specified when the key pair is originally created.
"

Summing up, we may have two public/private key pairs: AT_KEYEXCHANGE and AT_SIGNATURE. When we generate the keys, we specify which ones we are creating.

CryptGenKey Function
"
In addition to generating session keys for symmetric algorithms, this function can also generate public/private key pairs. Each CryptoAPI client generally possesses two public/private key pairs. To generate one of these key pairs, set the Algid parameter to one of the following values.
Value Meaning
AT_KEYEXCHANGE Key exchange
AT_SIGNATURE Digital signature
"

When we enroll a cert, keys of a given type get created and associated to it. We can use certutil utility on a cert (i.e. "certutil -dump -v cert.pfx") to check if its KeySpec is AT_KEYEXCHANGE or AT_SIGNATURE. In this particular case, working certs have AT_KEYEXCHANGE KeySpec, and failing certs have AT_SIGNATURE.

So we are trying to sign with AT_KEYEXCHANGE keys but the certificates only have AT_SIGNATURE keys.

When we get the CSP of our certificate via API, we can find out which kind of keys are associated to it:

CryptAcquireCertificatePrivateKey
"
pdwKeySpec [out]
The address of a DWORD variable that receives additional information about the key. This can be one of the following values.
Value Meaning
AT_KEYEXCHANGE The key pair is a key exchange pair.
AT_SIGNATURE The key pair is a signature pair.
"

The following sample shows how to use CryptAcquireCertificatePrivateKey to get the CSP of a certificate and its Keyspec, and sign with it:

How to sign and verify with CryptoAPI and a user certificate

Note: in this sample I only sign with AT_SIGNATURE. We should modify the sample to get the right KeySpec with CryptAcquireCertificatePrivateKey and pass it to CryptSignHash so it uses the right keys to sign.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

How to sign EXE files with an Authenticode certificate (part 2)

alejacma — Thu, 11 Dec 2008 12:59:00 GMT

Hi all, welcome back,

The other day a customer of mine was having an issue with SignTool.exe when signing an EXE file. The EXE file was getting corrupted/unusable after signing it.

When troubleshooting this issue, I had the chance to play a bit more with SignTool and check what it does behind the scenes.

Note: I already talked a bit about signing EXEs in post How to sign EXE files with an Authenticode certificate (VB.NET). This new post will add more details and samples.

SignTool.exe uses CAPICOM.SignedCode class and its Sign method to do the signing.

The following VBScript shows how we may use CAPICOM to do the signing programmatically:

Option Explicit

Dim szCertName, szExeToSign
szCertName = "My cert Subject"
szExeToSign = "MyApplication.exe"

Const CAPICOM_CURRENT_USER_STORE = 2
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1
Const CAPICOM_AUTHENTICATED_ATTRIBUTE_DOCUMENT_DESCRIPTION = 2

' Get certificate for signing
'
Dim objStore
Set objStore = WScript.CreateObject("CAPICOM.Store")
objStore.Open CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY
Dim objSigningCert
Set objSigningCert = objStore.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, szCertName).Item(1)

' Create a signer for the code
'
Dim objSigner
Set objSigner = WScript.CreateObject("CAPICOM.Signer")
objSigner.Certificate = objSigningCert

' Sign the file
'
Dim objSignedCode
Set objSignedCode = WScript.CreateObject("CAPICOM.SignedCode")
objSignedCode.FileName = szExeToSign
objSignedCode.Sign objSigner
objSignedCode.TimeStamp "http://timestamp.globalsign.com/scripts/timstamp.dll"

WScript.Echo "Done!"

Note that this sample also shows how to time stamp a signature programmatically.

This sample was also reproducing my customer's issue. So I checked what CAPICOM does behind the scenes to further troubleshoot the issue.

CAPICOM.SignedCode.Sign uses CryptUIWizDigitalSign API to do the signing.

The following VB.NET sample uses CryptUIWizDigitalSign through P/Invoke to do the signing programmatically:

<SAMPLE file="Crypto.vb">

Imports System.Runtime.InteropServices
Imports System.Security.Cryptography
Imports System.ComponentModel
Imports System.Windows.Forms

Public Class Crypto

    ' #define CRYPTUI_WIZ_NO_UI     1
    Public Const CRYPTUI_WIZ_NO_UI As Int32 = 1

    ' #define CRYPTUI_WIZ_DIGITAL_SIGN_SUBJECT_FILE     0x01
    Public Const CRYPTUI_WIZ_DIGITAL_SIGN_SUBJECT_FILE As Int32 = 1

    ' #define CRYPTUI_WIZ_DIGITAL_SIGN_CERT                    0x01
    Public Const CRYPTUI_WIZ_DIGITAL_SIGN_CERT As Int32 = 1

    ' typedef struct _CRYPTUI_WIZ_DIGITAL_SIGN_INFO {  
    '   DWORD dwSize;  
    '   DWORD dwSubjectChoice;  
    '   union {    
    '       LPCWSTR pwszFileName;    
    '       PCCRYPTUI_WIZ_DIGITAL_SIGN_BLOB_INFO pSignBlobInfo;  
    '   };  
    '   DWORD dwSigningCertChoice;  
    '   union {    
    '       PCCERT_CONTEXT pSigningCertContext;    
    '       PCCRYPTUI_WIZ_DIGITAL_SIGN_STORE_INFO pSigningCertStore;    
    '       PCCRYPTUI_WIZ_DIGITAL_SIGN_CERT_PVK_INFO pSigningCertPvkInfo;  
    '   };  
    '   LPCWSTR pwszTimestampURL;  
    '   DWORD dwAdditionalCertChoice;  
    '   PCCRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO pSignExtInfo;
    ' } CRYPTUI_WIZ_DIGITAL_SIGN_INFO;
    <StructLayout(LayoutKind.Sequential)> _
    Public Structure CRYPTUI_WIZ_DIGITAL_SIGN_INFO
        Public dwSize As Int32
        Public dwSubjectChoice As Int32
        <MarshalAs(UnmanagedType.LPWStr)> Public pwszFileName As String
        Public dwSigningCertChoice As Int32
        Public pSigningCertContext As IntPtr
        Public pwszTimestampURL As String
        Public dwAdditionalCertChoice As Int32
        Public pSignExtInfo As IntPtr
    End Structure

    ' typedef struct _CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT {  
    '      DWORD dwSize;  
    '      DWORD cbBlob;  
    '      BYTE* pbBlob;
    ' } CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT;
    <StructLayout(LayoutKind.Sequential)> _
    Public Structure CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT
        Public dwSize As Int32
        Public cbBlob As Int32
        Public pbBlob As IntPtr
    End Structure

    ' BOOL WINAPI CryptUIWizDigitalSign(
    '      DWORD dwFlags,
    '      HWND hwndParent,
    '      LPCWSTR pwszWizardTitle,
    '      PCCRYPTUI_WIZ_DIGITAL_SIGN_INFO pDigitalSignInfo,
    '      PCCRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT* ppSignContext
    ' );
    <DllImport("Cryptui.dll", CharSet:=CharSet.Unicode, SetLastError:=True)> _
    Public Shared Function CryptUIWizDigitalSign( _
        ByVal dwFlags As Int32, _
        ByVal hwndParent As IntPtr, _
        ByVal pwszWizardTitle As String, _
        ByRef pDigitalSignInfo As CRYPTUI_WIZ_DIGITAL_SIGN_INFO, _
        ByRef ppSignContext As IntPtr _
    ) As Boolean
    End Function

    ' BOOL WINAPI CryptUIWizFreeDigitalSignContext(
    '   PCCRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT pSignContext
    ' );
    <DllImport("Cryptui.dll", CharSet:=CharSet.Auto, SetLastError:=True)> _
    Public Shared Function CryptUIWizFreeDigitalSignContext( _
        ByVal pSignContext As IntPtr _
    ) As Boolean
    End Function

End Class

</SAMPLE>

<SAMPLE file="Module1.vb">

Imports System.ComponentModel
Imports System.Runtime.InteropServices
Imports SignExe.Crypto
Imports System.Security.Cryptography.X509Certificates
Imports System.IO

Module Module1

    Sub Main()

        ' Parameters
        Dim certPath As String = "MyCert.pfx"
        Dim exePath As String = "MyApplication.exe"
        Dim sigPath As String = "signature.sig"

        ' Variables
        '
        Dim cert As X509Certificate2
        Dim digitalSignInfo As CRYPTUI_WIZ_DIGITAL_SIGN_INFO
        Dim pSignContext As IntPtr
        Dim pSigningCertContext As IntPtr
        Dim signContext As CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT
        Dim fileOut As FileStream
        Dim binWriter As BinaryWriter
        Dim blob() As Byte

        Try
            ' Get certificate context
            '
            cert = New X509Certificate2(certPath, "")
            pSigningCertContext = cert.Handle

            ' Prepare signing info: exe and cert
            '
            digitalSignInfo = New CRYPTUI_WIZ_DIGITAL_SIGN_INFO
            digitalSignInfo.dwSize = Marshal.SizeOf(digitalSignInfo)
            digitalSignInfo.dwSubjectChoice = CRYPTUI_WIZ_DIGITAL_SIGN_SUBJECT_FILE
            digitalSignInfo.pwszFileName = exePath
            digitalSignInfo.dwSigningCertChoice = CRYPTUI_WIZ_DIGITAL_SIGN_CERT
            digitalSignInfo.pSigningCertContext = pSigningCertContext
            digitalSignInfo.pwszTimestampURL = vbNullString
            digitalSignInfo.dwAdditionalCertChoice = 0
            digitalSignInfo.pSignExtInfo = IntPtr.Zero

            ' Sign exe
            '
            If (Not CryptUIWizDigitalSign( _
                CRYPTUI_WIZ_NO_UI, _
                IntPtr.Zero, _
                vbNullString, _
                digitalSignInfo, _
                pSignContext _
            )) Then
                Throw New Win32Exception(Marshal.GetLastWin32Error(), "CryptUIWizDigitalSign")
            End If

            ' Get the blob with the signature
            '
            signContext = Marshal.PtrToStructure(pSignContext, GetType(CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT))
            blob = New Byte(signContext.cbBlob) {}
            Marshal.Copy(signContext.pbBlob, blob, 0, signContext.cbBlob)

            ' Store the signature in a new file
            '
            fileOut = File.Open(sigPath, FileMode.Create)
            binWriter = New BinaryWriter(fileOut)
            binWriter.Write(blob)
            binWriter.Close()
            fileOut.Close()

            ' Free blob
            '
            If (Not CryptUIWizFreeDigitalSignContext(pSignContext)) Then
                Throw New Win32Exception(Marshal.GetLastWin32Error(), "CryptUIWizFreeDigitalSignContext")
            End If

            ' We are done
            Console.WriteLine("Done!!!")

        Catch ex As Win32Exception
            ' Any expected errors?
            '
            Console.WriteLine(ex.Message + " error#" + ex.NativeErrorCode.ToString)
        Catch ex As Exception
            ' Any unexpected errors?
            '
            Console.WriteLine(ex.Message)
        End Try

        ' We are done
        '
        Console.WriteLine("<< Press any key to continue >>")
        Console.ReadKey()

    End Sub

End Module

</SAMPLE>

This sample was also reproducing the issue. So I checked what CryptUIWizDigitalSign does behind the scenes.

CryptUIWizDigitalSign API uses SignerSignEx API to do the signing.

The following VC++ sample uses SignerSignEx API to do the signing programmatically:

#include "windows.h"
#include "Wincrypt.h"
#include "stdio.h"
#include "conio.h"


// STRUCTS

typedef struct _SIGNER_FILE_INFO {  
	DWORD cbSize;  
	LPCWSTR pwszFileName;  
	HANDLE hFile;
} SIGNER_FILE_INFO,  *PSIGNER_FILE_INFO;

typedef struct _SIGNER_BLOB_INFO {  
	DWORD cbSize;  
	GUID *pGuidSubject;  
	DWORD cbBlob;  
	BYTE *pbBlob;  
	LPCWSTR pwszDisplayName;
} SIGNER_BLOB_INFO,  *PSIGNER_BLOB_INFO;

typedef struct _SIGNER_SUBJECT_INFO {  
	DWORD cbSize;  
	DWORD *pdwIndex;  
	DWORD dwSubjectChoice;  
	union {    
		SIGNER_FILE_INFO *pSignerFileInfo;    
		SIGNER_BLOB_INFO *pSignerBlobInfo;  
	} ;
} SIGNER_SUBJECT_INFO,  *PSIGNER_SUBJECT_INFO;

typedef struct _SIGNER_CERT_STORE_INFO {  
	DWORD cbSize;  
	PCCERT_CONTEXT pSigningCert;  
	DWORD dwCertPolicy;  
	HCERTSTORE hCertStore;
} SIGNER_CERT_STORE_INFO,  *PSIGNER_CERT_STORE_INFO;

typedef struct _SIGNER_SPC_CHAIN_INFO {  
	DWORD cbSize;  
	LPCWSTR pwszSpcFile;  
	DWORD dwCertPolicy;  
	HCERTSTORE hCertStore;
} SIGNER_SPC_CHAIN_INFO,  *PSIGNER_SPC_CHAIN_INFO;

typedef struct _SIGNER_CERT {  
	DWORD cbSize;  
	DWORD dwCertChoice;  
	union {    
		LPCWSTR pwszSpcFile;    
		SIGNER_CERT_STORE_INFO *pCertStoreInfo;    
		SIGNER_SPC_CHAIN_INFO *pSpcChainInfo;  
	} ;  
	HWND hwnd;
} SIGNER_CERT,  *PSIGNER_CERT;

typedef struct _SIGNER_ATTR_AUTHCODE {  
	DWORD cbSize;  
	BOOL fCommercial;  
	BOOL fIndividual;  
	LPCWSTR pwszName;  
	LPCWSTR pwszInfo;
} SIGNER_ATTR_AUTHCODE,  *PSIGNER_ATTR_AUTHCODE;

typedef struct _SIGNER_SIGNATURE_INFO {  
	DWORD cbSize;  
	ALG_ID algidHash;  
	DWORD dwAttrChoice;  
	union {    
		SIGNER_ATTR_AUTHCODE *pAttrAuthcode;  
	} ;  
	PCRYPT_ATTRIBUTES psAuthenticated;  
	PCRYPT_ATTRIBUTES psUnauthenticated;
} SIGNER_SIGNATURE_INFO,  *PSIGNER_SIGNATURE_INFO;

typedef struct _SIGNER_PROVIDER_INFO {  
	DWORD cbSize;  
	LPCWSTR pwszProviderName;  
	DWORD dwProviderType;  
	DWORD dwKeySpec;  
	DWORD dwPvkChoice;  
	union {    
		LPWSTR pwszPvkFileName;    
		LPWSTR pwszKeyContainer;  
	} ;
} SIGNER_PROVIDER_INFO,  *PSIGNER_PROVIDER_INFO;

typedef struct _SIGNER_CONTEXT {  
	DWORD cbSize;  
	DWORD cbBlob;  
	BYTE *pbBlob;
} SIGNER_CONTEXT,  *PSIGNER_CONTEXT;


// EXPORTS 

typedef HRESULT (WINAPI* SignerFreeSignerContextType)(
  __in  SIGNER_CONTEXT *pSignerContext
);

typedef HRESULT (WINAPI *SignerSignExType)(
  __in      DWORD dwFlags,
  __in      SIGNER_SUBJECT_INFO *pSubjectInfo,
  __in      SIGNER_CERT *pSignerCert,
  __in      SIGNER_SIGNATURE_INFO *pSignatureInfo,
  __in_opt  SIGNER_PROVIDER_INFO *pProviderInfo,
  __in_opt  LPCWSTR pwszHttpTimeStamp,
  __in_opt  PCRYPT_ATTRIBUTES psRequest,
  __in_opt  LPVOID pSipData,
  __out     SIGNER_CONTEXT **ppSignerContext
);


// MAIN

void main()
{
	// PARAMETERS

	// File to sign
	LPCWSTR pwszFileName = L"C:\\TEST\\MyApplication.exe";

	// Signing Cert Subject
	LPCWSTR pwszCertSubject = L"My cert Subject";

	// VARIABLES
	HRESULT hResult = S_OK;
	BOOL bResult = TRUE;
	HMODULE hMssign32 = NULL;
	SignerSignExType pfSignerSignEx = NULL;
	SignerFreeSignerContextType pfSignerFreeSignerContext = NULL;
	HANDLE hFile = NULL;
	HCERTSTORE hCertStore = NULL; 
	PCCERT_CONTEXT pCertContext = NULL;
	DWORD dwIndex = 0;
	SIGNER_FILE_INFO signerFileInfo;
	SIGNER_SUBJECT_INFO signerSubjectInfo;
	SIGNER_CERT_STORE_INFO signerCertStoreInfo;
	SIGNER_CERT signerCert;
	SIGNER_SIGNATURE_INFO signerSignatureInfo;
	SIGNER_CONTEXT * pSignerContext = NULL;

	// MAIN

	// Attach a debugger now!
	printf("<< Press any key to continue>>\n");
	_getch();

	// Load library containing SignerSignEx and SignerFreeSignerContext
	printf("LoadLibrary...");
	hMssign32 = LoadLibrary(L"Mssign32.dll");
	if (!hMssign32)
	{
		printf("Error #%d\n", GetLastError()); goto cleanup;
	}
	printf("Done!\n");

	// Get SignerSignEx function
	printf("GetProcAddress(SignerSignEx)...");
	pfSignerSignEx = (SignerSignExType) GetProcAddress(hMssign32, "SignerSignEx");
	if (!pfSignerSignEx)
	{
		printf("Error #%d\n", GetLastError()); goto cleanup;
	}
	printf("Done!\n");

	// Get SignerFreeSignerContext function
	printf("GetProcAddress(SignerFreeSignerContext)...");
	pfSignerFreeSignerContext = (SignerFreeSignerContextType) GetProcAddress(hMssign32, "SignerFreeSignerContext");
	if (!pfSignerFreeSignerContext)
	{
		printf("Error #%d\n", GetLastError()); goto cleanup;
	}
	printf("Done!\n");

	// Open file to sign
	printf("CreateFile...");
	hFile = CreateFile(
		pwszFileName,
		GENERIC_READ | GENERIC_WRITE,
		0,
		NULL,
		OPEN_EXISTING,
		FILE_ATTRIBUTE_NORMAL,
		NULL
	);
	if (!hFile)
	{
		printf("Error #%d\n", GetLastError()); goto cleanup;
	}
	printf("Done!\n");

	// Open MY cert store
	printf("CertOpenStore...");
	hCertStore = CertOpenStore(
		CERT_STORE_PROV_SYSTEM, 
		0,
		NULL,
		CERT_SYSTEM_STORE_CURRENT_USER,
		L"MY"
	);                 
	if (!hCertStore)
	{
		printf("Error #%d\n", GetLastError()); goto cleanup;
	}
	printf("Done!\n");

	// Find signing cert in MY cert store
	printf("CertFindCertificateInStore...");
	pCertContext = CertFindCertificateInStore(
		hCertStore,
		X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
		0,
		CERT_FIND_SUBJECT_STR,
		(void *)pwszCertSubject,
		NULL
	);
	if (!pCertContext)
	{
		printf("Error #%d\n", GetLastError()); goto cleanup;
	}
	printf("Done!\n");

	// Prepare SIGNER_FILE_INFO struct
	signerFileInfo.cbSize = sizeof(SIGNER_FILE_INFO);
	signerFileInfo.pwszFileName = pwszFileName;
	signerFileInfo.hFile = hFile;

	// Prepare SIGNER_SUBJECT_INFO struct
	signerSubjectInfo.cbSize = sizeof(SIGNER_SUBJECT_INFO);
	dwIndex = 0;
	signerSubjectInfo.pdwIndex = &dwIndex;
	signerSubjectInfo.dwSubjectChoice = 1; // SIGNER_SUBJECT_FILE
	signerSubjectInfo.pSignerFileInfo = &signerFileInfo;

	// Prepare SIGNER_CERT_STORE_INFO struct
	signerCertStoreInfo.cbSize = sizeof(SIGNER_CERT_STORE_INFO);
	signerCertStoreInfo.pSigningCert = pCertContext;
	signerCertStoreInfo.dwCertPolicy = 2; // SIGNER_CERT_POLICY_CHAIN
	signerCertStoreInfo.hCertStore = NULL;

	// Prepare SIGNER_CERT struct
	signerCert.cbSize = sizeof(SIGNER_CERT);
	signerCert.dwCertChoice = 2; // SIGNER_CERT_STORE
	signerCert.pCertStoreInfo = &signerCertStoreInfo;
	signerCert.hwnd = NULL;

	// Prepare SIGNER_SIGNATURE_INFO struct
	signerSignatureInfo.cbSize = sizeof(SIGNER_SIGNATURE_INFO);
	signerSignatureInfo.algidHash = CALG_SHA1;
	signerSignatureInfo.dwAttrChoice = 0; // SIGNER_NO_ATTR
	signerSignatureInfo.pAttrAuthcode = NULL;
	signerSignatureInfo.psAuthenticated = NULL;
	signerSignatureInfo.psUnauthenticated = NULL;

	// Sign file with cert
	printf("SignerSignEx...");
	hResult = pfSignerSignEx(
		0,
		&signerSubjectInfo,
		&signerCert,
		&signerSignatureInfo,
		NULL,
		NULL,
		NULL,
		NULL,
		&pSignerContext
	);
	if (S_OK != hResult)
	{
		printf("Error #%d\n", hResult); goto cleanup;
	}
	printf("Done!\n");

	printf("\nSUCCESS!!!\n");

	// Clean up
cleanup:

	if (pSignerContext)
	{
		hResult = pfSignerFreeSignerContext(pSignerContext);
	}

	if (pCertContext)
	{
		bResult = CertFreeCertificateContext(pCertContext);
	}

	if (hCertStore)
	{
		bResult = CertCloseStore(hCertStore, CERT_CLOSE_STORE_CHECK_FLAG);
	}

	if (hFile)
	{
		bResult = CloseHandle(hFile);
	}

	if (hMssign32)
	{
		bResult = FreeLibrary(hMssign32);
	}

	// Exit
	printf("<< Press any key to exit >>\n");
	_getch();
	return;
}

This sample was also reproducing the issue.

Finally we saw that the issue was not in SignTool.exe / CAPICOM.SignCode.Sign / CryptUIWizDigitalSign / SignerSignEx, but in the EXE itself!

I run Visual Studio's Dumpbin.exe with its "/HEADER" parameter to list the problematic EXE's PE header information before and after signing it (the Microsoft Portable Executable and Common Object File Format Specification gives detailed information about PE header information).

Before signing, I could see the following Optional Header Value:

1400 [ C40] RVA [size] of Certificates Directory

After signing, I could see the following value:

1400 [ 1650] RVA [size] of Certificates Directory

Certificates Directory points to the location of the code signing signature in the binary. So an EXE which has not been signed should contain the following values:

0 [ 0] RVA [size] of Certificates Directory

Which was not our case. So SignerSignEx was not corrupting the EXE when signing it. It was already corrupted before that, even if it was successfully running before signing!

Just for testing, I opened the problematic EXE with a binary editor before signing it. I looked for "00 14 00 00 04 0c 00 00" bytes (correspondent to "1400 [ C40] RVA [size] of Certificates Directory" values), changed them to "00 00 00 00 00 00 00 00" and signed the EXE. It worked! Now the EXE is not corrupted and I can see the Digital Signature in Explorer, the certificate I used to sign, launch the EXE and run it as expected.

Manually modifying the PE header is not supported by Microsoft. If you face a similar issue, you should work with the team that developed the EXE and focus on why the EXE got generated with an invalid PE header in the first place.

I looked on the Internet and found that there are some third-party tools which may help us to see and modify the PE header if needed for testing purposes, for example PEInfo 0.9 BETA which I haven't tried so I can't neither recommend nor discourage its use.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)

CryptographicException: Unable to open the access token of the current thread

alejacma — Wed, 30 Jul 2008 10:41:00 GMT

Hi all,

When working with RSACryptoServiceProvider, we may get an exception like the following:

System.Security.Cryptography.CryptographicException: Unable to open the access token of the current thread
   at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
   at System.Security.Cryptography.Utils._GetKeyParameter(SafeKeyHandle hKey, UInt32 paramID)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters)

I've seen this exception i.e. when signing an XML with a certificate associated to a specific Cryptographic Service Provider (CSP).

Let's use my CryptoAPI Tracer script to get all CryptoAPI calls that .NET is making behind the scenes. This will help us to know exactly what's going on.

We can see in the logs generated by the script the call to CryptAcquireContext we make to get the key container of the certificate. We can also see the CSP associated to the certificate:

CryptAcquireContextA (0xd8c)

IN
pszContainer
00228620  "2e065b6c-027a-4746-bdf3-901a9980"
00228640  "66ea"

pszProvider
00205e60  "Third-party CSP"

dwProvType
PROV_RSA_FULL

dwFlags
0

OUT
hProv
0x228248

RESULT
CryptAcquireContextA (0xd8c) SUCCEEDED

Note: I won't use the real name of the third-party CSP where I detected this issue. This post is for illustration purposes only. I don't prettend to blame anyone in particular.

Then .NET makes the following call to CryptGetKeyParam to find out the size of a buffer which will hold the value of the algorithm of the key:

CryptGetKeyParam (0xd8c)

IN
hKey
0x230058

dwParam
KP_ALGID

pbData
NULL 

dwDataLen
0

dwFlags
0

OUT
dwDataLen
4

RESULT
CryptGetKeyParam (0xd8c) FAILED
LastErrorValue: (HRESULT) 0x80010125 (2147549477) - Unable to open the access token of the current thread
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.

Note on IN parameters:

- This hKey value is the key handle.

- This dwParam value indicates that we want the algorithm of the key.

- This pbData value indicates that there is no buffer available yet.

- This pdwDataLen value is 0 because we want to find out the size that we need for the pbData buffer.

- dwFlags should always be 0.

This call is returning 4 in dwDataLen, which is correct as the ALGID will be 4 bytes long. But the API is also returning the error 0x80010125 (2147549477) - "Unable to open the access token of the current thread". CryptoAPI just passes the parameters to the CSP and returns the results. The call to the API is 100% correct, but the CSP is not honoring it. This is not a bug in .NET or CryptoAPI. This is a bug on the CSP.

If you are facing this issue please contact the CSP provider. At least in the case of the third-party CSP where we found the issue they were already aware of it. They immediately sent an upgrade to our customers which fixed this issue.

I hope this helps.

Cheers,

Alex (Alejandro Campos Magencio)

Threading issues with RSACryptoServiceProvider

alejacma — Mon, 30 Jun 2008 16:01:00 GMT

Hi all,

When using RSACryptoServiceProvider in i.e. ASP.NET you may get the following exception under a heavy load scenario:

"System.Security.Cryptography.CryptographicException: CryptoAPI cryptographic service provider (CSP) for this implementation could not be acquired".

We've seen in past posts (sample) how we can use my CryptoAPI Tracer script to take a look to the CryptoAPI calls that RSACryptoServiceProvider makes behind the scenes.

In this case we can see that RSACryptoServiceProvider constructor calls CryptAcquireContext API. The first call to CryptAcquireContext API fails with error NTE_BAD_KEYSET ("Keyset does not exist"). Then a second call is attempted to create the key set, but it fails with error NTE_EXISTS ("Object already exists"). So it seems the keyset is there, but it can't be accessed. Concurrency issues? Maybe. Check this article first to verify that we don't get these errors for another reason: CryptAcquireContext fails with NTE_BAD_KEYSET.

So we are having concurrency issues. Consider the application performs the following sequence in two steps:
1) Open a given named machine key container.
2) If open fails, create that named machine key container.

This sequence is not an automatic operation. If multiple threads are attempting to do the same sequence and assume 2 threads attempt to create the same named machine key container, the second call will fail with "key container already exists".

As we've seen this is what RSACryptoServiceProvider constructor does similar to any application calling CryptAcquireContext API twice.

If the application is always working with the same RSA key in a named key container, key containers must be acquired only once in the process using CryptAcquireContext. When multiple threads are using the same RSA instance for encryption/decryption, the instance methods are not thread safe.

At the CryptoAPI level we've already seen threading issues when dealing with key handles in applications. When calling CryptoAPI directly we have a lot more control when the key handle is obtained, the type of handle, how it is used and whether it is thread safe. e.g. After a RSA key handle has been obtained by using the CryptGetUserKey function, RSA operations are thread safe.

There is not much control when using RSACryptoServiceProvider as it doesn’t expose key handles.

These are some suggestions to minimize threading issues in ASP.NET:

1) Set CspParameters.KeyContainer name when creating an RSACryptoServiceProvider object. Never use the default one, NEVER! This is prone to store corruption. We talked about this already.

2) Explicitely call Dispose on the RSACrytpoServiceProvider object when possible. This way, we don't rely on the Garbage Collector to "eventually" release the CSP.

3) Set UseMachineKeyStore in CspParameters.Flags when creating an RSACryptoServiceProvider. This flag tells RSACryptoServiceProvider to use "machine location" for storing RSA public/private key pair instead of the "current user" location. This is equivalent to calling CryptAcquireContext API with CRYPT_MACHINE_KEYSET. Make sure all the threads using the RSA instance are running under the same account.

4) Don't set RSACryptoServiceProvider.PersistKeyInCSP to False. This will cause the key container to be deleted when RSA instance is released or garbage collected. If multiple threads are trying to access the same named key container, the state of that named key container could be in a temporary cleaned up state and it cannot be acquired.

5) Another option would be for us to instantiate RSACryptoServiceProvider once as part of Web Application initialization and then use that same instance for encryption or decryption under a critical section like lock (i.e. Mutex). This would also avoid reacquiring key container multiple times from the same process.

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)