Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

0x80090003 - CryptDecryptMessage

531 views
Skip to first unread message

Luis Ricardo

unread,
Nov 12, 2008, 8:45:21 AM11/12/08
to
I am having problems decrypting a message using Crypt32.dll.
I receive a Bad Key error when calling CryptDecryptMessage
(Exception from HRESULT: 0x80090003)

I can sign an message with the same certificate, but if i encrypt the
message i can´t decrypt.

I don't believe there is anything wrong with my CryptDecryptMessage because
only 1 certificate show this error.
Tests with other 10 certificates are OK.

any ideia?

thanks for help.
Luis Ricardo

Mounir IDRASSI

unread,
Nov 12, 2008, 8:57:01 PM11/12/08
to
Hi Luis,

What CSP is storing the key pair associated with the certificate? Are you
using a smart card CSP?
This error can come from a mismatch between the public key of the
certificate and the private key stored in the CSP: In the IE certificate
store, each certificate context contains the CSP Name, the container name and
the key spec that can be used to acquire the private key in order to do the
decryption. Maybe in the case of the certificate who causes the problem, its
context in the IE store contains wrong or outdated information (this is more
likely to happen with smart card CSPs).

To help you investigate, you can use a (free) small .NET utility program
(StoreExplorer) that I developed to show the detailed content of the IE
certificate store. You can locate the certificate that causes the problem and
see what are the CSP information associated with it. Here is its link :
http://www.idrix.fr/Root/Samples/StoreExplorer.zip
http://www.idrix.fr/Root/Samples/StoreExplorer.jpg

I hope this will give you some clues.

Cheers,
--
Mounir IDRASSI
IDRIX - Cryptography And IT Security Experts
http://www.idrix.fr

To reach me: mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)

Luis Ricardo

unread,
Nov 13, 2008, 10:24:48 AM11/13/08
to
Mounir, thans for help.

CSP: Microsoft Enhanced Cryptographic Provider v1.0
Not smart card.
I think the problem is my certificate dont have the keyEncipherment bit on.
Only digitalSignature and nonRepudiation are on.

CriptoAPI let me sign and crypto messages but dont let me decrypt them....

What do you think about this?

thanks
luis ricardo


"Mounir IDRASSI" <moon...@newsgroups.nospam> escreveu na mensagem
news:DE486D47-C18C-4492...@microsoft.com...

0 new messages