Getting error 80090020 (NTE_FAIL) when using CAPICOM's Decrypt fxn
Ryan Reed
environment. I am attempting to use CAPICOM's EnvelopedData object to sign,
envelop (encrypt), "unenvelop" (decrypt), and verify signature. (For
political reasons I am unable to use .NET 2.0 and its corresponding
Cryptography/EnvelopedCMS classes.)
If I create my own test certificates using the makecert.exe utility, they
work fine with all CAPICOM calls **IF** I use the following switch in the
makecert command line: -sp "Microsoft Enhanced Cryptographic Provider v1.0".
(Using a different value such as "Microsoft Base Cryptographic Provider
v1.0" also works.) If i leave the switch out, it doesn't work. I am not sure
which CSP values would and wouldn't work; suffice it to say that the above
two do.
If I use a different certificate generated by our development environment's
RA server and "burned" onto a smart card, then attempt to use the same
CAPICOM calls, the EnvelopedData.Encrypt call seems to work fine BUT the
EnvelopedData.Decrypt fails with error 0x80090020, "An internal error
occurred" (aka NTE_FAIL). The only difference between the keys is who
generated them.
I have been completely unable to find any documentation that provides hints
as to why this would happen, but my gut feeling is that it has something to
do with CSPs. My problems I need help with are:
1) I am unable to determine which CSP is being used during the RA's key
generation other than "default" (i.e. i can't figure out what the default
is).
2) How can I assure/be assured that the CSP used to generate the smart card
keys is available and/or present on the client machine?
3) I am not even sure that it's the CSP causing the problem, so if there are
any alternate suggestions I am wide open to investigating them.
I desperately need help. Has anyone ever run across this problem and have
suggestions on how to fix it?
Please let me know if you need code samples, etc.
Thanks,
Ryan