I was testing with some code to get the CSP name from a certificate containing the private key. A sample code is shown below: // GetCSPFromCert.cpp : Defines the entry point for the console application. // #include "stdafx.h" #include...

  Many a times I do get this questions from my varied customers and colleagues and I cannot answer them instantly or even after looking here and there for a day. So I just wanted to blog it. Please see the MSDN link http://msdn.microsoft.com/en-us...

1. You are using RSACryptoServiceProvider for computing SHA-2 signatures. 2. Doing this you get unhandled exceptions of type "System.ArgumentException" in mscorlib.dll saying "Value was invalid". 3. A typical call that failed was:...

  Here is the symptom: 1.    You are using RSACryptoServiceProvider for computing SHA-2 signatures. 2.    Doing this you get unhandled exceptions of type "System.ArgumentException" in mscorlib.dll saying "Value...

CAdES is an extension of CMS and these extensions, where present, require a different process to check the signature. Our .Net security libraries (System.Security.Cryptography) though verify a CAdES message; it actually ignores the CAdES part within the...

With introduction of UAC, I often get two questions for Windows Vista and later. 1) How to launch an application in the Administrative context from an application which is running in standard user’s context? 2) How to launch application in...

If you have implemented your random number generator make sure that you register it using BCryptRegisterProvider function. Add the algorithm name to the list of symmetric cipher algorithm class using BCryptAddContextFunction. Example: ...

There are no ADSI/LDAP API’s that eventually could directly use the Smart Card Credentials. We could follow the steps below: 1. Get the user credentials by reading in the certificate from the Smart card. 2. Call LogonUser() to get the user’s...

If you have to screen capture using Windows Media Encoder please follow the steps below. Start Windows Media Encoder (WM Encoder). To download WM encoder please refers to the link http://www.microsoft.com/downloads/details.aspx?FamilyID=5691ba02...

You might get a high CPU usage while decrypting using RSA keys The root cause of this issue (high CPU usage while decrypting using RSA keys) is as stated in the MSDN link http://msdn.microsoft.com/en-us/magazine/cc163676.aspx . The name...

The basic high level steps to read a certificate from a Smart Card and add it to the system store are: 1. Establish a Smart Card context using SCardEstablishContext. 2. Display the select card dialog box. 3. Get the card type provider name. ...

Here are the steps for creating a self-signed certificate with the key container created at the machine key set. Step 1: Get the CSP handle by creating the key container at the machine key folder. if (!CryptAcquireContext(&hCryptProv...

You create a key container on a machine for a specific user on the user’s profile. You log off the user and login with the administrator account and forcibly change the user’s password. Next time if you log on to the machine with the...

You may get a runtime error with your 64 bit managed Windows Media Encoder application while the 32 bit application runs perfect. This happens basically when your application tries to encode or more specifically transcode certain files that usually...

While updating your Windows 2000 box with latest security fixes you may get a situation where you may be stuck with the security fix MS10-013 asking you to update the latest DirectX. Basically this happens when you are doing a system update with the...

An understanding of SignedCms.CheckSignature(True) based on the code stated below. ' Create a ContentInfo object from the inner content obtained ' independently from encodedMessage. Dim contentInfo As New ContentInfo(innerContent...

You may want to use a Crypto API for Advanced Encryption Standard that is FIPS 140-2 complaint. While doing this using managed code you can come across the AesCryptoServiceProvider class that is FIPS complaint. I want to highlight some points before...

CertCloseStore is called with flag CERT_CLOSE_STORE_FORCE_FLAG. This flag forces CertCloseStore to free memory for all contexts associated with the store. This flag can be safely used only when the store is opened in a function and neither the store handle...

I have seen developers trying to call cryptographic functions/ API’s within DllMain and thereby creating a hang in their application that calls this DLL. The reason behind this is not the cryptographic API but this is a classical deadlock example. This...

This is a small blog post but I found it handy and useful to document. I created a test certificate with name “shmisra” and kept it in the “Personal” store in the users profile as shown below. I read this certificate and print its details using the code...

While trying to extract the public key from a certificate you may get an exception that says: 'System.Security.Cryptography.CryptographicException - The index value is not valid'. The exact error is CRYPT_E_INVALID_INDEX which means "The index value...

You may get a service timeout from your signed .NET service application while the OS does a revocation check to verify the certificate that signed the EXE. The reason behind this time out is because of a worker thread which is waiting for a response from...

DecryptMessage (Schannel) function returns SEC_E_INVALID_TOKEN, means the buffers are of the wrong type or no buffer of type SECBUFFER_DATA was found. In short the buffers are not set properly. A quick reference is the example at the link http://msdn...

A cryptographic service provider creates key containers for storing RSA public/private asymmetric key pairs. Key containers are stored in the user profiles unless you specify the machine key folder. Say you use RSACryptoServiceProvider class to create...

In Windows Vista and later there is a cool feature of making network shared files available offline and maintaining the synchronization through a newly added component called Sync Centre.  You may find more information about it here:  Explore...