CngKey.Import throws CryptographicException only on some machines

Question

I have a small sample program which fails on my computer with a Cryptographic exception, but on a coworker's computer it will succeed (no exception). Any ideas?

using System.Security.Cryptography;
public class P
{
	public static void Main()
	{
		byte[] privateKey = new byte[]{0x45,0x43,0x53,0x36,0x42,0x00,0x00,0x00,0x00,0xCE,0x52,0xE3,0x0E,0x94,0x7D,0x6D,0xF1,0x59,0x98,0x4B,0xC5,0x57,0x6D,0xD7,0xE5,0xF0,0x81,0xE6,0xF1,0x21,0xA8,0x11,0x78,0xB2,0x99,0x4D,0x5A,0xB2,0x4D,0xC6,0xD1,0xFA,0x57,0x98,0xB7,0xC4,0x6D,0xB0,0x26,0x9A,0xE3,0xD7,0x19,0x32,0x1E,0x1F,0xC0,0x06,0x06,0xBE,0x4E,0xB8,0xBA,0xE1,0x88,0x24,0x7A,0x93,0xFB,0x9A,0x07,0x90,0x3D,0x55,0x01,0x4D,0x29,0xF0,0x3C,0x97,0x1A,0x20,0x30,0xFD,0x7C,0x0F,0xED,0xD5,0x17,0xF0,0x12,0xA1,0x08,0xB4,0x29,0x1B,0xBA,0x80,0x5D,0xB3,0x5D,0x9B,0x53,0xF8,0x7A,0xED,0xCF,0x7C,0x07,0xAD,0x9F,0xEB,0x57,0x69,0xE4,0x50,0x26,0x47,0xAC,0xC5,0x17,0xBF,0xAD,0x4D,0x68,0x91,0xA8,0xED,0xD2,0x36,0x2D,0x29,0x8B,0x7C,0x59,0x13,0x18,0x1B,0x8F,0x35,0x00,0x49,0xDA,0x59,0xEE,0x4B,0x98,0x06,0x47,0x76,0x86,0x9C,0x20,0xC8,0xBC,0xC5,0x3D,0xE9,0x42,0x4C,0xEF,0x16,0x3D,0x3B,0x05,0x17,0x07,0x4F,0xAE,0x0A,0x9B,0xC1,0x91,0x51,0x48,0xE4,0x94,0x75,0x6A,0x01,0x27,0x24,0xEC,0x54,0x2D,0x34,0xE6,0x3D,0x31,0xB6,0x78,0x60,0x36,0x7B,0x21,0x83,0xFC,0xE9,0xFD,0x31,0x8F,0x8D,0x19,0x87,0x24,0x78};

		CngKey.Import(privateKey, CngKeyBlobFormat.EccPrivateBlob);
	}
}

 

The exception I get:

 

Unhandled Exception: System.Security.Cryptography.CryptographicException: The requested operation is not supported.

   at System.Security.Cryptography.NCryptNative.ImportKey(SafeNCryptProviderHandle provider, Byte[] keyBlob, String format)

   at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider)

   at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, CngKeyBlobFormat format)

Answer 1

CngKey (and all of the Cryptography Next Generation classes) are only supported on Vista SP1 and later.  If you're running XP, for example, you'll receive this exception.

 

For details, see the documentation, under Platforms: "Windows 7, Windows Vista SP1 or later, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role not supported)"  

---

Reed Copsey, Jr. - http://reedcopsey.com
If a post answers your question, please click "Mark As Answer" on that post and "Mark as Helpful".

Answer 2

 

Hi Ansssss,

 

I tried your code snippet, and it works well on a Win7 box.

---

Eric Yang [MSFT]
MSDN Community Support | Feedback to us
Get or Request Code Sample from Microsoft
Please remember to mark the replies as answers if they help and unmark them if they provide no help.

Answer 3

I am running Vista SP2 (32-bit). The documentation suggests that a PlatformNotSupportedException would be thrown if that was my problem.

Answer 4

 

It is supported on Vista SP1 and later, so Vista SP2 should work, you can submit this issue to Microsoft Connect feedback portal http://connect.microsoft.com, Microsoft engineers will evaluate them seriously, thanks. If this issue is urgent, please contact support at http://support.microsoft.com.

---

Eric Yang [MSFT]
MSDN Community Support | Feedback to us
Get or Request Code Sample from Microsoft
Please remember to mark the replies as answers if they help and unmark them if they provide no help.

Answer 5

I entered a "feedback item" on the Microsoft Connect website. https://connect.microsoft.com/VisualStudio/feedback/details/648322/cngkey-import-throws-cryptographicexception-on-vista-sp2

 

Side note: neither Chrome nor Firefox seems to render that webpage correctly, word-wraps are not occurring, so I can only view it (correctly) with IE.

I will probably try to contact support as well.

Answer 6

The Windows SDK Escalation Engineer on my support case found that the issue is that the native function being called by the CngKey.Import method does not support the ECC private blob type in Windows Vista or Windows Server 2008 (but it does work in Windows Server 2008 R2).

Here's the relevant documentation http://msdn.microsoft.com/en-us/library/aa376276(VS.85).aspx

BCRYPT_ECCPRIVATE_BLOB

The BLOB is an elliptic curve cryptography (ECC) private key. The pbData buffer must contain a BCRYPT_ECCKEY_BLOB structure immediately followed by the key data.

Windows Server 2008 and Windows Vista:  This value is not available.

 

So that is very disappointing, when you read everywhere else that the CNG library functions are supported in Vista SP1 or later, but then you try it out and nearly every blob type is not supported in Vista.