none
CngKey.Import throws CryptographicException only on some machines

    Question

  • I have a small sample program which fails on my computer with a Cryptographic exception, but on a coworker's computer it will succeed (no exception). Any ideas?

    using System.Security.Cryptography;
    public class P
    {
    	public static void Main()
    	{
    		byte[] privateKey = new byte[]{0x45,0x43,0x53,0x36,0x42,0x00,0x00,0x00,0x00,0xCE,0x52,0xE3,0x0E,0x94,0x7D,0x6D,0xF1,0x59,0x98,0x4B,0xC5,0x57,0x6D,0xD7,0xE5,0xF0,0x81,0xE6,0xF1,0x21,0xA8,0x11,0x78,0xB2,0x99,0x4D,0x5A,0xB2,0x4D,0xC6,0xD1,0xFA,0x57,0x98,0xB7,0xC4,0x6D,0xB0,0x26,0x9A,0xE3,0xD7,0x19,0x32,0x1E,0x1F,0xC0,0x06,0x06,0xBE,0x4E,0xB8,0xBA,0xE1,0x88,0x24,0x7A,0x93,0xFB,0x9A,0x07,0x90,0x3D,0x55,0x01,0x4D,0x29,0xF0,0x3C,0x97,0x1A,0x20,0x30,0xFD,0x7C,0x0F,0xED,0xD5,0x17,0xF0,0x12,0xA1,0x08,0xB4,0x29,0x1B,0xBA,0x80,0x5D,0xB3,0x5D,0x9B,0x53,0xF8,0x7A,0xED,0xCF,0x7C,0x07,0xAD,0x9F,0xEB,0x57,0x69,0xE4,0x50,0x26,0x47,0xAC,0xC5,0x17,0xBF,0xAD,0x4D,0x68,0x91,0xA8,0xED,0xD2,0x36,0x2D,0x29,0x8B,0x7C,0x59,0x13,0x18,0x1B,0x8F,0x35,0x00,0x49,0xDA,0x59,0xEE,0x4B,0x98,0x06,0x47,0x76,0x86,0x9C,0x20,0xC8,0xBC,0xC5,0x3D,0xE9,0x42,0x4C,0xEF,0x16,0x3D,0x3B,0x05,0x17,0x07,0x4F,0xAE,0x0A,0x9B,0xC1,0x91,0x51,0x48,0xE4,0x94,0x75,0x6A,0x01,0x27,0x24,0xEC,0x54,0x2D,0x34,0xE6,0x3D,0x31,0xB6,0x78,0x60,0x36,0x7B,0x21,0x83,0xFC,0xE9,0xFD,0x31,0x8F,0x8D,0x19,0x87,0x24,0x78};
    
    		CngKey.Import(privateKey, CngKeyBlobFormat.EccPrivateBlob);
    	}
    }
    

     

    The exception I get:

     

    Unhandled Exception: System.Security.Cryptography.CryptographicException: The requested operation is not supported.

       at System.Security.Cryptography.NCryptNative.ImportKey(SafeNCryptProviderHandle provider, Byte[] keyBlob, String format)

       at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider)

       at System.Security.Cryptography.CngKey.Import(Byte[] keyBlob, CngKeyBlobFormat format)


    Thursday, February 24, 2011 12:02 AM

Answers

  • The Windows SDK Escalation Engineer on my support case found that the issue is that the native function being called by the CngKey.Import method does not support the ECC private blob type in Windows Vista or Windows Server 2008 (but it does work in Windows Server 2008 R2).

    Here's the relevant documentation http://msdn.microsoft.com/en-us/library/aa376276(VS.85).aspx

    BCRYPT_ECCPRIVATE_BLOB

    The BLOB is an elliptic curve cryptography (ECC) private key. The pbData buffer must contain a BCRYPT_ECCKEY_BLOB structure immediately followed by the key data.

    Windows Server 2008 and Windows Vista:  This value is not available.

     

    So that is very disappointing, when you read everywhere else that the CNG library functions are supported in Vista SP1 or later, but then you try it out and nearly every blob type is not supported in Vista.


    • Marked as answer by Ansssss Friday, March 04, 2011 4:34 PM
    Friday, March 04, 2011 4:26 PM

All replies