Some time ago a customer of mine was trying to export the private key associated with a certificate stored in a smart card. To do that, he was calling the RSACryptoServiceProvider.ExportParameters method with code like the following:
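// GetCert is the customer's own helper that looks up the certificate by name.
System.Security.Cryptography.X509Certificates.X509Certificate2 cert = GetCert(certName);
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey;
// Passing true requests the private key parameters; this is the call that throws.
RSAParameters rsaParams = rsa.ExportParameters(true);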
But ExportParameters was returning the following exception:
System.Security.Cryptography.CryptographicException: Invalid type specified
To troubleshoot this error, we took traces with the following debugger script of mine: CryptoAPI Tracer script.
With those traces we saw that the error came from the CryptExportKey API. The reason for the error was that the third-party Cryptographic Service Provider (CSP) associated with the certificate does not allow private keys to be exported from the smart card. This actually makes sense if we think about the main purpose of smart cards in this scenario: to hold private keys which can only be used directly on the smart card whenever they are needed to sign or decrypt data.
For completeness, this is the relevant sequence of calls written by the script:
002817c0 "Some Container"
0612e828 "My third-party smart card Prov"
CryptAcquireContextW (0xc58) SUCCEEDED
CryptGetUserKey (0xc58) SUCCEEDED
CryptExportKey (0xc58) FAILED
LastErrorValue: (HRESULT) 0x8009000a (2148073482) - Invalid type specified.
LastStatusValue: (NTSTATUS) 0 - STATUS_WAIT_0
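The following is an added example, not code from the original post or from the customer: it checks CspKeyContainerInfo before attempting the export and, when the key cannot leave its container, signs with the key in place instead. It assumes .NET Framework 4.6 or later on Windows; the software key created with UseNonExportableKey is a constructed stand-in for a smart card key, and the class, method and container names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class NonExportableKeyDemo
{
    // Returns the private key parameters only when the CSP reports the key as
    // exportable; otherwise returns null so the caller uses the key in place.
    static RSAParameters? TryExportPrivateKey(RSACryptoServiceProvider rsa)
    {
        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        Console.WriteLine("Provider: {0}, hardware: {1}, removable: {2}, exportable: {3}",
            info.ProviderName, info.HardwareDevice, info.Removable, info.Exportable);
        if (!info.Exportable)
            return null;
        try
        {
            return rsa.ExportParameters(true);
        }
        catch (CryptographicException ex)
        {
            // A CSP can still refuse the export when CryptExportKey is called.
            Console.WriteLine("Export refused: 0x{0:X8} {1}", ex.HResult, ex.Message);
            return null;
        }
    }

    static void Main()
    {
        // Constructed stand-in for a smart card key: a software key marked non-exportable.
        var csp = new CspParameters(24) // 24 = PROV_RSA_AES
        {
            KeyContainerName = "demo-nonexportable-" + Guid.NewGuid(),
            Flags = CspProviderFlags.UseNonExportableKey
        };
        using (var rsa = new RSACryptoServiceProvider(2048, csp))
        {
            rsa.PersistKeyInCsp = false; // delete the demo container on dispose
            if (TryExportPrivateKey(rsa) == null)
            {
                // The key stays in its container; the CSP performs the signature.
                byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
                byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                Console.WriteLine("Signed in place, {0} bytes; verifies: {1}", sig.Length,
                    rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
            }
        }
    }
}
```

With a real smart card, the key would come from cert.PrivateKey as in the code above, and the signing call may cause the CSP to prompt for the card PIN.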
I hope this helps.
Alex (Alejandro Campos Magencio)