Decrypt my World

Cryptography, Security, Debugging and more!

"An internal error occurred" when using AES algorithms with EnvelopedCms


Hi all,

The other day a customer of mine got this exception when trying to use AES algorithms with the EnvelopedCms class in their .NET 3.5 application:

Exception type: System.Security.Cryptography.CryptographicException
Message: An internal error occurred.

They got the exception on Windows Vista SP2/Server 2008 SP2 and later versions when using a third-party CSP. Why?

The EnvelopedCms class uses CAPI2 (CryptMsg* API) behind the scenes. CAPI2 requires a CNG provider for any algorithm that is not on this list:

CryptFindOIDInfo Function
"
Symmetric Encryption Algorithms:

CALG_DES
CALG_3DES
CALG_RC2
CALG_RC4

Algorithms that are not listed are supported by using Cryptography API: Next Generation (CNG) only;
"

In the customer's scenario, the third-party CSP was a legacy CSP and not a CNG provider.

Summing up, if you want to work with algorithms such as AES128, AES192 and AES256, you will need a CNG provider.

Now, I will post about this in greater detail soon, but the EnvelopedCms class doesn't support CNG. So basically, we cannot use AES algorithms with that class under this scenario.
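
A diagnostic wrapper for this situation, as an added example that is not code from the original post: on failure it reports the envelope's content-encryption OID, whether that OID falls outside the four algorithms quoted above, and the name of the CSP holding the key, instead of the bare "An internal error occurred." The class and method names are hypothetical, and wrapping Decrypt is an assumption, since the post does not say which EnvelopedCms call threw.

```csharp
// Added example, not from the original post. Targets .NET 3.5 (reference System.Security.dll).
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class CmsDiagnostics   // hypothetical helper
{
    // OIDs for the four symmetric algorithms in the list quoted above.
    static readonly string[] LegacyOids =
    {
        "1.3.14.3.2.7",        // CALG_DES  (DES-CBC)
        "1.2.840.113549.3.7",  // CALG_3DES (DES-EDE3-CBC)
        "1.2.840.113549.3.2",  // CALG_RC2  (RC2-CBC)
        "1.2.840.113549.3.4"   // CALG_RC4
    };

    // True when the algorithm is outside the quoted list, i.e. CAPI2 needs CNG for it.
    public static bool NeedsCng(AlgorithmIdentifier alg)
    {
        return Array.IndexOf(LegacyOids, alg.Oid.Value) < 0;
    }

    // Name of the legacy CSP holding the RSA private key, or null if unavailable.
    public static string CspName(X509Certificate2 cert)
    {
        try
        {
            RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
            return rsa == null ? null : rsa.CspKeyContainerInfo.ProviderName;
        }
        catch (CryptographicException) { return null; }
    }

    // Decrypts an encoded CMS envelope; on failure, rethrows with algorithm and provider context.
    public static byte[] Decrypt(byte[] encoded, X509Certificate2 cert)
    {
        EnvelopedCms cms = new EnvelopedCms();
        cms.Decode(encoded);
        AlgorithmIdentifier alg = cms.ContentEncryptionAlgorithm;
        try { cms.Decrypt(new X509Certificate2Collection(cert)); }
        catch (CryptographicException ex)
        {
            throw new CryptographicException(string.Format(
                "EnvelopedCms.Decrypt failed: {0} Algorithm OID {1} (needs CNG: {2}); key provider: {3}.",
                ex.Message, alg.Oid.Value, NeedsCng(alg), CspName(cert) ?? "unknown"), ex);
        }
        return cms.ContentInfo.Content;
    }
}
```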

I hope this helps.
Regards,

Alex (Alejandro Campos Magencio)

 

PS: This post is related to this: "An internal error ocurred" when using SHA-2 algorithms with SignedCMS. For any algorithms not included in CryptFindOIDInfo Function, we will have to use CNG instead of legacy providers.

  • Will EnvelopedCMS be supporting AES any time soon?
