
CryptAcquireContext


Oliver Young

Oct 23, 2003, 4:56:50 AM

One of my customers reported the error "Error during CryptAcquireContext.".
The OS is WinXP. I'm using the code below. What is wrong? Nobody else has
complained about this error before.

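// First try to open the user's default key container (container name NULL).
if(!CryptAcquireContext(&hCryptProv,
                        NULL,
                        NULL,
                        PROV_RSA_FULL,
                        0))
{
    // Any failure falls through to an attempt to create the default container.
    if(!CryptAcquireContext(&hCryptProv,
                            NULL,
                            NULL,
                            PROV_RSA_FULL,
                            CRYPT_NEWKEYSET))
    {
        Error("Error during CryptAcquireContext.");
        return false;
    }
}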

Thank you.


Pieter Philippaerts

Oct 23, 2003, 5:43:57 AM
"Oliver Young" <none> wrote in message
news:ueJ6XOUm...@TK2MSFTNGP10.phx.gbl...

> One of my customers reported the error "Error during CryptAcquireContext.".
> The OS is WinXP. I'm using the code below. What is wrong? Nobody else has
> complained about this error before.

Oddly enough, one of my customers also reported the same problem yesterday.
I came up with this post from a few months ago: http://tinyurl.com/s0oo It
appears to be a bug in the CryptoAPI.

I'm interested in an answer from someone from Microsoft. Is this a known
problem in the CryptoAPI? Are there any workarounds [except deleting the
default keyset]? Will it be fixed in a future service pack? Does it happen
on all platforms?

Regards,
Pieter Philippaerts
Managed SSL/TLS: http://www.mentalis.org/go.php?sl


Oliver Young

Oct 23, 2003, 6:06:05 AM

Is it safe to delete the contents of the C:\Documents and
Settings\UserName\Application Data\Microsoft\Crypto\RSA folder? I wouldn't
like to advise my users to do it and then have some other apps stop working
(Outlook...). What is in this folder? Only (encrypted?) default keys? No
certificate (from Personal cert. store) keys?


Pieter Philippaerts

Oct 23, 2003, 8:42:58 AM
"Oliver Young" <none> wrote in message
news:eJTFE1Um...@tk2msftngp13.phx.gbl...

> Is it safe to delete the contents of the C:\Documents and
> Settings\UserName\Application Data\Microsoft\Crypto\RSA folder? I wouldn't
> like to advise my users to do it and then have some other apps stop working
> (Outlook...).

You shouldn't delete the entire folder but only the corrupted key stores.
And yes, you will lose keys, but what good is a store if no application can
open it [keep in mind that it's not only your application that fails to open
the store -- others won't be able to open it either]?
However, mind you that the theory of a corrupted key store is not the
'official' explanation. It would be wise to wait for someone from Microsoft
to respond to this thread before you start deleting things.

> What is in this folder? Only (encrypted?) default keys. No
> certificate (from Personal cert. store) keys?

The folder contains keys [private keys, symmetric keys.. I'm not sure about
public keys].
I believe certificates are stored somewhere else.

Michel Gallant

Oct 23, 2003, 9:35:30 AM
Don't touch that folder! It contains all CryptoAPI protected private
key files (W2k +).
This describes the folders, and also the cert folders:

http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/prork/prdd_sec_grhc.asp

That folder, for W2k, will contain your EFS keys also, so if you delete it,
you won't be able to open your encrypted local folders (except via your administrator
account recovery keys).

If you want to delete *specific* key containers, you can use this utility I
created for this purpose:
http://pages.istar.ca/~neutron/KeyContainerTool/ (requires CAPICOM)

- Michel Gallant
Visual Security MVP

"Oliver Young" <none> wrote in message news:eJTFE1Um...@tk2msftngp13.phx.gbl...

Sergio Dutra [MS]

Oct 23, 2003, 3:54:43 PM
What is the last error that CryptAcquireContext is returning?
Also, the use of NULL for the key container name is strongly discouraged.
NULL means the default container for the user. Some older apps tend to
re-use that container, which makes data loss a high risk.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"Oliver Young" <none> wrote in message

news:ueJ6XOUm...@TK2MSFTNGP10.phx.gbl...

Pieter Philippaerts

Oct 23, 2003, 4:02:53 PM
"Sergio Dutra [MS]" <ser...@online.microsoft.com> wrote

> What is the last error that CryptAcquireContext is returning?

NTE_BAD_KEYSET on my client's computer.

Daryn Kiely

Oct 23, 2003, 6:07:58 PM
For what it is worth, what I did was move the RSA folder,
reinstall the keys in question, move the new RSA
folder, reinstate the first and copy the newly created
folder over top. I have had no problems since doing that.


Sergio Dutra [MS]

Oct 23, 2003, 7:16:21 PM
It may be that the key container already exists and that the ACLs on the key
don't allow the user to access it.


"Pieter Philippaerts" <Pie...@nospam.mentalis.org> wrote in message
news:O4kKhCam...@TK2MSFTNGP10.phx.gbl...

Daryn Kiely

Oct 23, 2003, 7:27:56 PM
The program was being run from an account with
administrative access on the machine and the permissions
were set to "FULL CONTROL" on all the certificates.


Sergio Dutra [MS]

Oct 24, 2003, 1:04:12 PM
Can you generate a key container using another key name?


"Daryn Kiely" <anon...@discussions.microsoft.com> wrote in message
news:040101c399bd$4a32fcb0$a501...@phx.gbl...

Daryn Kiely

Oct 27, 2003, 2:26:27 PM
I don't know, but I assume I would have been able to, but
I got things working again so cannot test it.

What I did to fix the problem was move the Application
Data\...crypto\RSA folder, add the keys that were
failing, and use them to overwrite the old ones in the
RSA folder after I moved the RSA folder back into place.


Pent

Oct 27, 2003, 8:52:11 PM

I think the problem can also happen if "Protected Storage" NT Service is
turned off.

"Pieter Philippaerts" <Pie...@nospam.mentalis.org> wrote in message

news:eEJCroUm...@TK2MSFTNGP11.phx.gbl...
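
Added example, not part of the original thread and not code from any of its participants: one way to act on the points raised above, by using a named container instead of NULL, capturing the last error, creating a key set only after NTE_BAD_KEYSET, and treating NTE_EXISTS on the create attempt as "the container exists but cannot be opened" (ACLs or a damaged key file). The names `acq_result`, `diagnose`, `acquire_named` and the container name "ExampleApp.Keys" are assumptions made for illustration.

```c
/* Added example (not from the thread); "ExampleApp.Keys" is a hypothetical name. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else   /* documented winerror.h values, so the decision logic builds off Windows */
typedef unsigned int DWORD;
#define NTE_EXISTS     0x8009000FU
#define NTE_BAD_KEYSET 0x80090016U
#endif
typedef enum { ACQ_OPENED, ACQ_CREATED, ACQ_EXISTS_UNREADABLE, ACQ_FAILED } acq_result;

/* open_err / create_err: GetLastError() after each attempt, 0 = it succeeded. */
acq_result diagnose(DWORD open_err, DWORD create_err)
{
    if (open_err == 0) return ACQ_OPENED;
    /* Only "key set missing or unreadable" justifies trying to create one. */
    if (open_err != (DWORD)NTE_BAD_KEYSET) return ACQ_FAILED;
    if (create_err == 0) return ACQ_CREATED;
    /* Open failed, yet creation reports the container is already there:
       it exists but this user cannot open it (ACLs or a damaged key file). */
    if (create_err == (DWORD)NTE_EXISTS) return ACQ_EXISTS_UNREADABLE;
    return ACQ_FAILED;
}

#ifdef _WIN32
acq_result acquire_named(HCRYPTPROV *prov, LPCTSTR name, DWORD *err)
{
    DWORD open_err = 0, create_err = 0;
    if (!CryptAcquireContext(prov, name, NULL, PROV_RSA_FULL, 0)) {
        open_err = GetLastError();
        if (open_err == (DWORD)NTE_BAD_KEYSET &&
            !CryptAcquireContext(prov, name, NULL, PROV_RSA_FULL, CRYPT_NEWKEYSET))
            create_err = GetLastError();
    }
    *err = create_err ? create_err : open_err; /* code to log on a failed result */
    return diagnose(open_err, create_err);
}
#endif

int main(void)
{
#ifdef _WIN32
    HCRYPTPROV prov = 0; DWORD err = 0;
    acq_result r = acquire_named(&prov, TEXT("ExampleApp.Keys"), &err);
    printf("result=%d last_error=0x%08lX\n", (int)r, (unsigned long)err);
    if (r <= ACQ_CREATED) CryptReleaseContext(prov, 0);
#else   /* constructed pair: open gives NTE_BAD_KEYSET, create gives NTE_EXISTS */
    printf("result=%d\n", (int)diagnose(NTE_BAD_KEYSET, NTE_EXISTS));
#endif
    return 0;
}
```

If the application never needs persisted keys (hashing, signature verification, session keys only), passing CRYPT_VERIFYCONTEXT with a NULL container name avoids opening a key container at all.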
