Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Error instantiating RSACryptoServiceProvider

7 views
Skip to first unread message

Ignus Fast

unread,
Mar 11, 2005, 6:42:16 PM3/11/05
to
I'm trying to instantiate an RSACryptoServiceProvider in a web service,
which works fine on my local machine. But when I move the web service out
to my production server, it blows up with the following error:

System.Security.Cryptography.CryptographicException: CryptoAPI cryptographic
service provider (CSP) for this implementation could not be acquired.
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32
dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at
System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters
parameters)


Things I've tried:

Using a CspProviderFlags objects to use the MachineKeyStore:

CspParameters cspParams = new CspParameters();
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
rsacsp = new RSACryptoServiceProvider(cspParams);

Setting the ASPNET user to have full permissions to the MachineKeys
folder.

Originally I was just reading in the cert, then passing the
X509Certificate.PublicKey to SignedXml.CheckSignature(). This I thought
*should* have worked, since the CheckSignature method accepts an RSA, but it
always returned false (both locally and on the remote server). So I'm
exporting the 509Certificate.PublicKey data into an
RSACryptoServiceProvider, which works fine with SignedXml.CheckSignature()
locally, but always results in the above error on the remote server.

Any suggestions?

Ignus Fast

unread,
Mar 14, 2005, 10:41:30 AM3/14/05
to
Anyone? Please, help me! :)

Ignus


"Ignus Fast" <ju...@no.com> wrote in message
news:eW6p2PpJ...@TK2MSFTNGP09.phx.gbl...

Cantelmo Software

unread,
Mar 15, 2005, 5:04:13 AM3/15/05
to
try with CAS (code access security) permission:
http://www.codeproject.com/dotnet/UB_CAS_NET.asp

Marcello
www.cantelmosoftware.com

my articles:
http://www.codeproject.com/dotnet/StackCrypt.asp
http://www.codeproject.com/dotnet/Anti_BPX.asp


try my .net obfuscator:
http://xoomer.virgilio.it/cantelmosoftware/net/TryMe.zip


"Ignus Fast" <ju...@no.com> ha scritto nel messaggio
news:eW6p2PpJ...@TK2MSFTNGP09.phx.gbl...

Ignus Fast

unread,
Mar 15, 2005, 10:53:15 AM3/15/05
to
Love the article, but I'm not sure how to apply it. Since I'm not sure
why it won't create the object, I'm not sure which security permission to
override?

Ignus

"Cantelmo Software" <in...@cantelmosoftware.com> wrote in message
news:uUvdRZUK...@TK2MSFTNGP09.phx.gbl...

Ignus Fast

unread,
Mar 15, 2005, 6:43:06 PM3/15/05
to
Anyone? This is kinda critical for me, and I'd really appreciate the
help. So far this just seems like nasty bugs in the 1.1 framework. The
SignedXml.CheckSignature() method compiles with and at runtime accepts an
X509Certificate.PublicKey property, but always returns false. Nice. So I
export the properties of this key to a new RSACryptoServiceProvider(), which
works just dandy locally, but won't work on my Windows 2000 server (error
mentioned below). I've tried adding the permissions on the RSA/MachineKeys
folder. I've even tried the following two asserts:

// SecurityPermission myPerm = new
// SecurityPermission(SecurityPermissionFlag.Assertion);
// myPerm.Assert();

And

// FileIOPermission myPerm = new
// FileIOPermission(FileIOPermissionAccess.AllAccess, @"C:\Documents and
Settings\All Users\Application Data\Microsoft\Crypto");
// myPerm.Assert();

ANYONE?!?! PLEASE HELP ME OUT!!

Ignus

"Ignus Fast" <ju...@no.com> wrote in message
news:eW6p2PpJ...@TK2MSFTNGP09.phx.gbl...

Cantelmo Software

unread,
Mar 15, 2005, 6:59:26 PM3/15/05
to

"Ignus Fast" <ju...@no.com> ha scritto nel messaggio
news:%2383o9ib...@tk2msftngp13.phx.gbl...

> Anyone? This is kinda critical for me, and I'd really appreciate the
> help. So far this just seems like nasty bugs in the 1.1 framework. The
> SignedXml.CheckSignature() method compiles with and at runtime accepts an
> X509Certificate.PublicKey property, but always returns false. Nice. So I
> export the properties of this key to a new RSACryptoServiceProvider(),
> which works just dandy locally, but won't work on my Windows 2000 server
> (error mentioned below). I've tried adding the permissions on the
> RSA/MachineKeys folder. I've even tried the following two asserts:
>
> // SecurityPermission myPerm = new
> // SecurityPermission(SecurityPermissionFlag.Assertion);
> // myPerm.Assert();
>
> And
>
> // FileIOPermission myPerm = new
> // FileIOPermission(FileIOPermissionAccess.AllAccess, @"C:\Documents and
> Settings\All Users\Application Data\Microsoft\Crypto");
> // myPerm.Assert();
>
> ANYONE?!?! PLEASE HELP ME OUT!!

sorry for my bad english! i'm italian
at the moment, before of "Assert" invoke the PermissionSet. example:

Dim _set As New PermissionSet(PermissionState.None)
_set.AddPermission(New FileIOPermission(PermissionState.Unrestricted))
_set.Assert

Marcello


Ignus Fast

unread,
Mar 15, 2005, 10:38:20 PM3/15/05
to
Don't sweat the english; your english is fine! Thanks for the help!

I'm just new to the crypto scene, and it seems I couldn't have picked
much tougher a project... Unfortunately this didn't work either. It
doesn't seem to be a permissions thing; unfortunately, I'm not sure WHAT'S
going on.... Any Microsoft people here???

Ignus

"Cantelmo Software" <in...@cantelmosoftware.com> wrote in message

news:e6nj9rbK...@TK2MSFTNGP14.phx.gbl...

Cantelmo Software

unread,
Mar 16, 2005, 4:56:06 AM3/16/05
to
try this link:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322371

HTH
Marcello

www.cantelmosoftware.com

"Ignus Fast" <ju...@no.com> ha scritto nel messaggio

news:ujWsamdK...@TK2MSFTNGP12.phx.gbl...

Ignus Fast

unread,
Mar 16, 2005, 9:30:49 AM3/16/05
to
Unfortunately, that was the first thing I tried. :(

Thanks, though!

Ignus

"Cantelmo Software" <in...@cantelmosoftware.com> wrote in message

news:uAMeX5g...@TK2MSFTNGP12.phx.gbl...

Ignus Fast

unread,
Mar 17, 2005, 4:22:16 PM3/17/05
to
Ping???

(pin dropping)

Ignus

"Ignus Fast" <ju...@no.com> wrote in message

news:%235JbNxK...@TK2MSFTNGP15.phx.gbl...

Valery Pryamikov

unread,
Mar 18, 2005, 1:21:38 AM3/18/05
to
Hi Ignus,
What error did you get? (looking through your post I didn't find any error
description).

-Valery.
http://www.harper.no/valery

"Ignus Fast" <ju...@no.com> wrote in message

news:e8SvmdzK...@TK2MSFTNGP09.phx.gbl...

Ignus Fast

unread,
Mar 18, 2005, 10:00:39 AM3/18/05
to
Sorry, it was in the original message a week ago:

System.Security.Cryptography.CryptographicException: CryptoAPI
cryptographic service provider (CSP) for this implementation could not be
acquired.
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32
dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at
System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters
parameters)

The only tips I've seen online have been:

Add permission to the folder C:\Documents and Settings\All
Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

and add this code to initialize the RSACryptoServiceProvider:

CspParameters cspParams = new CspParameters();
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
rsacsp = new RSACryptoServiceProvider(cspParams);

Neither of which had any affect. Any suggestions?

Ignus

"Valery Pryamikov" <val...@harper.no> wrote in message
news:u5sk1K4K...@TK2MSFTNGP12.phx.gbl...

Ignus Fast

unread,
Mar 18, 2005, 4:34:48 PM3/18/05
to
Please help me, I'm bleeding here! Problem outlined below:

Ignus

"Ignus Fast" <ju...@no.com> wrote in message
news:eW6p2PpJ...@TK2MSFTNGP09.phx.gbl...

Ignus Fast

unread,
Mar 21, 2005, 6:38:32 PM3/21/05
to
Ping. Again. Has no-one really run into this? Does anyone from
Microsoft read these groups at all?!?!?!?

Ignus

"Ignus Fast" <ju...@no.com> wrote in message

news:OgRsQJAL...@TK2MSFTNGP09.phx.gbl...

Suchita via DotNetMonster.com

unread,
Mar 30, 2005, 5:34:52 PM3/30/05
to
Don't know whether you already got solution for this.
This may not be a solution for you, but I faced the similar problem when
instantiating RSACryptoServiceProvider on development web machine itself.
Since I didnt have any requirements to encrypt specifically using RSA
algorithm, used RC2 algorightm (using RC2CryptoServiceProvider) and it
works fine for me.

--
Message posted via http://www.dotnetmonster.com

Ignus Fast

unread,
Mar 31, 2005, 3:58:39 PM3/31/05
to
I did actually find a solution, but I'm not sure I like it. I do
require a full RSA key, so I can't use RC2. But I found that for it to
work, I had to give the ASPNET user Full permission all the way back to the
"All Users" folder (full path = C:\Documents and Settings\All
Users\Application Data\Microsoft\Crypto\RSA\MachineKeys). Anything more
restrictive (up torward MachineKeys) would cause the instantiation of an
RSACryptoServiceProvider to fail.

I'd like to especially thanks Microsoft, who doesn't really appear to
give a crap if people get stuff working or not, unless they pay.

I'd also like to thank the developers at Microsoft who assume we would
always want the RSACryptoServiceProvider to automatically waste a bunch of
processor time generating a random key, even if we just want to put our own
key in it for signature validation.

:-p

Ignus

"Suchita via DotNetMonster.com" <fo...@DotNetMonster.com> wrote in message
news:5cb7eeda772a49af...@DotNetMonster.com...

0 new messages