
The following lines of code, which are part of a .NET FW 4.6.2 Console Application, execute without exceptions when run on Windows 10. But when running on Windows Server 2016 they cause a CryptographicException to be thrown when the Export method is called, saying Keyset does not exist (even when running as Administrator). (If compiling the code for .NET Core 2, it compiles, but the executable throws a PlatformNotSupportedException on the first row.)

```csharp
// Attach the separately held private key to the public-only certificate,
// then export certificate and key together as a password-protected PFX.
Certificate.PrivateKey = RSA;
byte[] Bin = Certificate.Export(X509ContentType.Pfx, password);
```

Background: Certificate is an X509Certificate2 with only a public key. RSA is an RSACryptoServiceProvider containing the private key corresponding to the same public key. The certificate is created by a remote ACME-compliant CA (Let's Encrypt), which is why only the public key is available, and why the private key is kept separate by the client.

The code runs without exception on Windows 10, and the generated PFX file contains the private key as it should.

The question is: Why does it throw an exception in one case, but not the other? And what would the suggested work-around be?

Source of console application: https://github.com/PeterWaher/IoTGateway/tree/master/Utilities/Waher.Utility.Acme

Compiled version: https://waher.se/Downloads/Waher.Utility.Acme.zip

Command-line parameters, to repeat the situation: (replace EMAIL, DOMAIN and WEBFOLDER with corresponding values)

```
Waher.Utility.Acme.exe -let -ce EMAIL -a -nk -dns DOMAIN -dns www.DOMAIN -http WEBFOLDER -f Certificate -pwd Test -v
```

The following event was logged in the security log of the Windows Server machine (while it worked fine for the Windows 10 machine):

```
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          5/28/2018 6:56:27 PM
Event ID:      5061
Task Category: System Integrity
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      Domain
Description:
Cryptographic operation.

Subject:
    Security ID:        Domain\PeterWaher
    Account Name:       PeterWaher
    Account Domain:     Domain
    Logon ID:       0xBFDEC

Cryptographic Parameters:
    Provider Name:  Microsoft Software Key Storage Provider
    Algorithm Name: UNKNOWN
    Key Name:   Domain\PeterWaher
    Key Type:   User key.

Cryptographic Operation:
    Operation:  Open Key.
    Return Code:    0x80090016
```
Peter Waher
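An added example, not code from the question or from the Waher.Utility.Acme project, showing the work-around most often suggested for a "Keyset does not exist" failure on .NET Framework 4.6.2: instead of handing the PrivateKey setter an ephemeral RSACryptoServiceProvider, import the key into a named, persisted CSP container so that Export can open it by name, then delete the container afterwards. It assumes the public-only certificate is available as a DER/PEM file and the private key as RSA XML (the output of RSA.ToXmlString(true)); the file names, the container-name prefix and the input format are placeholders. Whether this also changes the Windows Server 2016 behaviour reported above is not established here; the Verify method exists so that can be checked on the machine in question.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example for .NET Framework 4.6.2; not from the question or the project.
public static class PfxWithPrivateKey
{
    // Attaches an in-memory private key to a public-only certificate through a
    // named, persisted CSP key container, exports a PFX, and then deletes the
    // container so no private-key material is left behind in the key store.
    public static byte[] Export(X509Certificate2 publicCert, RSAParameters privateKey, string password)
    {
        // Refuse to pair a key with a certificate it does not belong to.
        using (RSA certKey = publicCert.GetRSAPublicKey())
        {
            if (!privateKey.Modulus.SequenceEqual(certKey.ExportParameters(false).Modulus))
                throw new CryptographicException("Private key does not match the certificate's public key.");
        }

        var csp = new CspParameters(1) // PROV_RSA_FULL
        {
            // Unique container name (placeholder prefix) so parallel runs do not collide.
            KeyContainerName = "pfx-export-" + Guid.NewGuid().ToString("N"),
            Flags = CspProviderFlags.NoFlags // user key store; no administrator rights needed
        };
        var rsa = new RSACryptoServiceProvider(csp);
        try
        {
            rsa.PersistKeyInCsp = true;
            rsa.ImportParameters(privateKey); // the key now lives under the container name

            // Work on a copy so the caller's public-only certificate is left untouched.
            var cert = new X509Certificate2(publicCert.RawData) { PrivateKey = rsa };
            return cert.Export(X509ContentType.Pfx, password);
        }
        finally
        {
            // With PersistKeyInCsp false, Clear() deletes the container from disk.
            rsa.PersistKeyInCsp = false;
            rsa.Clear();
        }
    }

    // Loads the PFX back and proves the private key is usable: sign with it and
    // verify with the certificate's own public key.
    public static bool Verify(byte[] pfx, string password)
    {
        using (var cert = new X509Certificate2(pfx, password, X509KeyStorageFlags.Exportable))
        {
            if (!cert.HasPrivateKey)
                return false;

            byte[] data = { 1, 2, 3 }; // constructed sample message
            using (RSA priv = cert.GetRSAPrivateKey())
            using (RSA pub = cert.GetRSAPublicKey())
            {
                byte[] sig = priv.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                return pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
        }
    }

    public static int Main(string[] args)
    {
        if (args.Length != 4)
        {
            Console.Error.WriteLine("usage: PfxWithPrivateKey <cert.cer> <key.xml> <out.pfx> <password>");
            return 2;
        }

        var publicCert = new X509Certificate2(File.ReadAllBytes(args[0]));

        // Placeholder input format: RSA XML as written by RSA.ToXmlString(true).
        RSAParameters key;
        using (var tmp = new RSACryptoServiceProvider())
        {
            tmp.PersistKeyInCsp = false;
            tmp.FromXmlString(File.ReadAllText(args[1]));
            key = tmp.ExportParameters(true);
        }

        byte[] pfx = Export(publicCert, key, args[3]);
        File.WriteAllBytes(args[2], pfx);
        Console.WriteLine(Verify(pfx, args[3])
            ? "PFX contains a usable private key"
            : "PFX has no usable private key");
        return 0;
    }
}
```

The finally block is the part worth keeping even if the rest is adapted: a persisted container that is not removed leaves the private key in the user's key store after the PFX has been written. On .NET Framework 4.7.2 and .NET Core 2.0 or later, the PrivateKey setter used in the question is replaced by X509Certificate2.CopyWithPrivateKey(RSA), which is also what avoids the PlatformNotSupportedException mentioned for .NET Core 2.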
  • Does [this answer](https://stackoverflow.com/a/602389/2928544) help? – raidensan May 28 '18 at 07:11
  • Thanks for the link @raidensan. Unfortunately it doesn't help. Had reviewed the answer before. That's why I wrote that I had run the application with administrator privileges. As far as I can tell, there should be no files involved, since keys are all in-memory. I think this might be the source of the problem also: In the Windows Server case, the underlying framework or operating system assume the keys will be available in files, while in the Windows 10 case, it doesn't. Any idea on how to generate these files? – Peter Waher May 28 '18 at 07:43
  • Since I can't reproduce the issue, maybe a long shot, but how about running the app in compatibility mode? Also it might be useful to check the Windows logs to further investigate the root cause. – raidensan May 28 '18 at 12:46
  • I did not find Windows 10 in the compatibility mode list, just Windows 8. – Peter Waher May 28 '18 at 19:02
  • Found an event. Not sure if the parameters in it just look strange, or are strange. Added it to the problem description. – Peter Waher May 28 '18 at 19:08
  • @raidensan: Added a link to a downloadable file, as well as command-line parameters, if you would like to try it out. – Peter Waher May 28 '18 at 19:22

0 Answers