HighTechTalks DotNet Forums  

CAPICOM problem with .NET 2.0

Dotnet Security microsoft.public.dotnet.security


#1 - efrolov@gmail.com - 02-28-2007, 10:04 AM
RSACryptoServiceProvider creation problem:
I used some code to create an RSACryptoServiceProvider with a smart card and the
CAPICOM COM object. The code worked well in Framework 1.1, but when I tried the
same code in Framework 2.0 I got the following cryptographic exception:
"Unable to open the access token of the current thread"


    // using System;
    // using System.Security.Cryptography;
    // using System.Text;
    // using CAPICOM;                       // Interop.CAPICOM
    //
    // fields referenced by the snippet:
    //   RSACryptoServiceProvider rsa;
    //   ICertificate2 certificate;
    //   System.Collections.ArrayList issuerlist;   // accepted issuer names, filled elsewhere

    rsa = null;
    certificate = null;

    // flags stay at the default (per-user key store) unless the key turns out
    // to be a machine keyset, see below
    CspParameters csp = new CspParameters();
    ICertificate2 selectedCert = null;

    // open the certificate store
    Store st = new Store();
    st.Open(CAPICOM_STORE_LOCATION.CAPICOM_CURRENT_USER_STORE,
            "My",
            CAPICOM_STORE_OPEN_MODE.CAPICOM_STORE_OPEN_MAXIMUM_ALLOWED);

    // search for the first certificate that has a private key
    foreach (ICertificate2 currCert in st.Certificates)
    {
        if (currCert.HasPrivateKey())
        {
            selectedCert = currCert;
            break;
        }
    }

    // check whether a usable certificate (private key present, RSA) was found
    if (selectedCert == null || selectedCert.HasPrivateKey() == false ||
        selectedCert.PublicKey().Algorithm.FriendlyName != "RSA")
    {
        StringBuilder sb = new StringBuilder();
        sb.Append("Can't find a valid certificate!\n\n");
        sb.Append("Valid Certificate Authorities are :\n");
        System.Collections.IEnumerator myEnum = issuerlist.GetEnumerator();
        while (myEnum.MoveNext())
            sb.Append(myEnum.Current).Append("\n");
        throw new Exception(sb.ToString());
    }

    certificate = selectedCert;

    // describe the key container that holds the certificate's private key
    csp.KeyContainerName = selectedCert.PrivateKey.ContainerName;
    csp.ProviderName = selectedCert.PrivateKey.ProviderName;
    csp.ProviderType = Convert.ToInt32(selectedCert.PrivateKey.ProviderType);

    // key number from the key specification (AT_KEYEXCHANGE = 1, AT_SIGNATURE = 2)
    switch (selectedCert.PrivateKey.KeySpec)
    {
        case CAPICOM_KEY_SPEC.CAPICOM_KEY_SPEC_KEYEXCHANGE:
            csp.KeyNumber = 1;
            break;

        case CAPICOM_KEY_SPEC.CAPICOM_KEY_SPEC_SIGNATURE:
            csp.KeyNumber = 2;
            break;
    }

    // for machine keys use the local machine key store
    if (selectedCert.PrivateKey.IsMachineKeyset())
    {
        csp.Flags = CspProviderFlags.UseMachineKeyStore;
    }

    // create the RSA provider on top of that container; the CryptographicException
    // is thrown here and propagates to the caller
    rsa = new RSACryptoServiceProvider(csp);   // Here I get the exception


#2 - Joe Kaplan - 02-28-2007, 01:50 PM
I'm not sure what the problem with CAPICOM is, but did you consider
converting your code to the new .NET 2.0 X509 stuff? Everything you are
doing below is now supported directly by the framework and might be easier
to integrate.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<efrolov (AT) gmail (DOT) com> wrote: [the original post, quoted in full]
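Joe's suggestion carried out, as an added example that is not code from this thread or the poster's project: the same lookup done with System.Security.Cryptography.X509Certificates instead of CAPICOM. It finds the first RSA certificate in CurrentUser\My that has a private key and whose KeyUsage permits digital signature, opens the key through X509Certificate2.PrivateKey, and also shows the CspParameters route the original post takes, built from the same container name, provider and key number, with UseExistingKey set so that a wrong container name fails instead of silently generating a fresh key pair. Class and method names are mine.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertKeyLookup
{
    const string RsaOid = "1.2.840.113549.1.1.1";   // rsaEncryption

    // True if the certificate's KeyUsage extension permits digital signature.
    // Certificates without a KeyUsage extension are accepted.
    static bool AllowsDigitalSignature(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
        {
            X509KeyUsageExtension ku = ext as X509KeyUsageExtension;
            if (ku != null)
                return (ku.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0;
        }
        return true;
    }

    // Equivalent of the CAPICOM loop in the original post: first RSA certificate
    // in CurrentUser\My that has a private key and may sign.
    public static X509Certificate2 FindRsaSigningCert()
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (cert.HasPrivateKey
                    && cert.PublicKey.Oid.Value == RsaOid
                    && AllowsDigitalSignature(cert))
                    return cert;
            }
            return null;
        }
        finally
        {
            store.Close();
        }
    }

    // Route A: the framework resolves the key container for us.
    public static RSACryptoServiceProvider OpenKey(X509Certificate2 cert)
    {
        RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsa == null)
            throw new CryptographicException("Private key is not held by an RSA CSP");
        return rsa;
    }

    // Route B: describe the container by hand, from the values CAPICOM's IPrivateKey
    // (or CspKeyContainerInfo) exposes. UseExistingKey makes the constructor throw
    // when the container does not exist instead of creating a new key pair.
    public static RSACryptoServiceProvider OpenExistingContainer(
        string containerName, string providerName, int providerType,
        KeyNumber keyNumber, bool machineKeyset)
    {
        CspParameters csp = new CspParameters(providerType, providerName, containerName);
        csp.KeyNumber = (int)keyNumber;              // Exchange == 1, Signature == 2
        csp.Flags = CspProviderFlags.UseExistingKey;
        if (machineKeyset)                           // only for a machine keyset
            csp.Flags |= CspProviderFlags.UseMachineKeyStore;
        return new RSACryptoServiceProvider(csp);
    }

    static void Main()
    {
        X509Certificate2 cert = FindRsaSigningCert();
        if (cert == null) { Console.WriteLine("No usable certificate"); return; }
        Console.WriteLine("Using {0}", cert.Subject);

        RSACryptoServiceProvider rsa = OpenKey(cert);
        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        Console.WriteLine("Container {0} via {1} (type {2}), key number {3}, machine keyset {4}, hardware {5}",
            info.KeyContainerName, info.ProviderName, info.ProviderType,
            info.KeyNumber, info.MachineKeyStore, info.HardwareDevice);

        // Reopen the same container by explicit description, as the original post does.
        RSACryptoServiceProvider again = OpenExistingContainer(
            info.KeyContainerName, info.ProviderName, info.ProviderType,
            info.KeyNumber, info.MachineKeyStore);

        // Exercises the private key; on a smart card this raises the PIN prompt.
        byte[] sig = again.SignData(new byte[] { 1, 2, 3 }, "SHA1");
        Console.WriteLine("Signature: {0} bytes", sig.Length);
    }
}
```

UseMachineKeyStore is set only when the container is a machine keyset; for a per-user container, which is what a smart card certificate in CurrentUser\My normally has, the flag must stay clear. X509Certificate2.PrivateKey hands back an RSACryptoServiceProvider only for keys held by a CryptoAPI CSP; keys kept by a CNG key storage provider are not reachable through it on the 2.0 runtime.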
#3 - Dominick Baier - 03-01-2007, 05:39 AM
Have you used X509Certificate2?

If you can't access the PrivateKey property, then you most probably don't
have one. Can you open the cert in explorer? Does it say "you have a corresponding
private key"?


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Quote:
<efro... (AT) gmail (DOT) com> wrote:
I tried this namespace, but there I had a similar problem: I could not get
the PrivateKey property of the certificate.




#4 - efrolov@gmail.com - 03-01-2007, 06:15 AM
Quote:
On Feb 28, 8:50 pm, "Joe Kaplan" <joseph.e.kap... (AT) removethis (DOT) accenture.com> wrote: [reply #2, quoted in full]


I tried this namespace, but there I had a similar problem: I could not get
the PrivateKey property of the certificate.



#5 - efrolov@gmail.com - 03-01-2007, 10:05 AM
Yes, I used an X509Certificate2, and it has a property called
HasPrivateKey whose value is true; and yes, I checked that
certificate in explorer and I saw that there is a private key. I have to
repeat that the code works great in .NET 1.1.


#6 - Joe Kaplan - 03-01-2007, 03:18 PM
Is it possible there is a permissions problem? Perhaps the account in use
doesn't actually have proper file system ACL rights to the private key in
one context but does in the other?

Joe K.

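A way to test the permissions theory, as an added example and not code from this thread. The exception message names the thread's access token, so the first thing to record is the identity the thread actually runs under and whether it is impersonating; the code then walks the two directories in which CryptoAPI's software RSA CSPs keep key containers and lists every container file that identity cannot read, together with the ACL that blocks it. The directory locations are the documented CryptoAPI ones; class and method names are mine. A smart-card key has no file on disk, so for the poster's card this check only covers a software key, and the effective-access computation is a simplification (explicit and inherited rules for the user's own SID and group SIDs, with Deny overriding Allow).

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class KeyFileAclCheck
{
    // CryptoAPI software RSA CSPs store key containers as files:
    //   per-user:    %APPDATA%\Microsoft\Crypto\RSA\<user SID>\
    //   per-machine: <CommonApplicationData>\Microsoft\Crypto\RSA\MachineKeys\
    static string UserKeyDir(WindowsIdentity id)
    {
        return Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
            @"Microsoft\Crypto\RSA\" + id.User.Value);
    }

    static string MachineKeyDir()
    {
        return Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
            @"Microsoft\Crypto\RSA\MachineKeys");
    }

    // True if the identity (or one of its groups) is granted ReadData on the file
    // and no Deny rule for the identity or its groups removes it.
    public static bool CanReadKeyFile(FileSecurity acl, WindowsIdentity id)
    {
        bool allowed = false;
        foreach (FileSystemAccessRule rule in
                 acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if ((rule.FileSystemRights & FileSystemRights.ReadData) == 0)
                continue;
            SecurityIdentifier sid = (SecurityIdentifier)rule.IdentityReference;
            if (!sid.Equals(id.User) && !id.Groups.Contains(sid))
                continue;
            if (rule.AccessControlType == AccessControlType.Deny)
                return false;                       // Deny wins over Allow
            allowed = true;
        }
        return allowed;
    }

    // Walk one key directory and report each container file the identity cannot read.
    // Returns the number of unreadable files.
    public static int ReportUnreadable(string dir, WindowsIdentity id)
    {
        if (!Directory.Exists(dir))
        {
            Console.WriteLine("{0}: not present", dir);
            return 0;
        }
        int unreadable = 0;
        foreach (string file in Directory.GetFiles(dir))
        {
            FileSecurity acl;
            try
            {
                acl = File.GetAccessControl(file, AccessControlSections.Access);
            }
            catch (UnauthorizedAccessException)
            {
                Console.WriteLine("{0}: cannot even read the ACL", Path.GetFileName(file));
                unreadable++;
                continue;
            }
            if (CanReadKeyFile(acl, id))
                continue;
            unreadable++;
            Console.WriteLine("{0}: no read access for {1}", Path.GetFileName(file), id.Name);
            foreach (FileSystemAccessRule r in acl.GetAccessRules(true, true, typeof(NTAccount)))
                Console.WriteLine("    {0} {1} {2}", r.AccessControlType, r.IdentityReference, r.FileSystemRights);
        }
        return unreadable;
    }

    static void Main()
    {
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        Console.WriteLine("Running as {0}, impersonation level {1}", id.Name, id.ImpersonationLevel);
        int bad = ReportUnreadable(UserKeyDir(id), id) + ReportUnreadable(MachineKeyDir(), id);
        Console.WriteLine("{0} key container file(s) not readable by this identity", bad);
    }
}
```

Run it once in each context the code behaves differently in (the interactive session that works, the service or web process that fails) and compare the identity line and the list of unreadable containers; a container that shows up in one list and not the other points at the ACL, while identical lists with a different identity or impersonation level point at the token itself.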