Encryption, RSA and NTE_BAD_KEYSET

  • Question

  • Hello,

    I'm programming in Delphi XE3. For communication with an external JavaScript tool, I have to export a JSON file in RSA-encrypted mode.

    This code snippet is used to get a key:

      if not CryptAcquireContext (Prov, nil, nil, PROV_RSA_AES, 0) then
        if GetLastError = NTE_BAD_KEYSET then
           Win32Check (CryptAcquireContext(Prov, nil, nil, PROV_RSA_AES, CRYPT_NEWKEYSET))
        else
          RaiseLastOSError;

    It works fine on my Windows Desktop (Windows 7 Professional, SP1) and more desktops around here. On one laptop, there was a problem. It gave NTE_BAD_KEYSET. After visiting some proposed directories on that laptop, the problem seems to be solved. The code works.

    When I run the program on a Win2008 R2-server (needed for a hosted environment), it doesn't make the required file. Instead it gives an error:

    "System Error. Code: -2146893802. Keyset does not exist."

    I used ProcMon to see what happens. Some lines of it are here:

    11:09:13.2708742 AM    2556    IRP_MJ_CREATE    C:\Users\Testen\AppData\Roaming\Microsoft    NAME COLLISION    Desired Access: Read Data/List Directory, Synchronize, Dis, Options: Directory, Synchronous IO Non-Alert, Attributes: S, ShareMode: Read, Write, AllocationSize: 0    KZC-TEST\Testen    00000000:00043214    2
    11:09:13.2709940 AM    2556    IRP_MJ_CREATE    C:\Users\Testen\AppData\Roaming\Microsoft\Crypto    NAME COLLISION    Desired Access: Read Data/List Directory, Synchronize, Dis, Options: Directory, Synchronous IO Non-Alert, Attributes: S, ShareMode: Read, Write, AllocationSize: 0    KZC-TEST\Testen    00000000:00043214    2
    11:09:13.2711054 AM    2556    IRP_MJ_CREATE    C:\Users\Testen\AppData\Roaming\Microsoft\Crypto\RSA    NAME COLLISION    Desired Access: Read Data/List Directory, Synchronize, Dis, Options: Directory, Synchronous IO Non-Alert, Attributes: S, ShareMode: Read, Write, AllocationSize: 0    KZC-TEST\Testen    00000000:00043214    2
    11:09:13.2712177 AM    2556    IRP_MJ_CREATE    C:\Users\Testen\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1366862648-1252281207-2246116676-1000    NAME COLLISION    Desired Access: Read Data/List Directory, Synchronize, Dis, Options: Directory, Synchronous IO Non-Alert, Attributes: S, ShareMode: Read, Write, AllocationSize: 0    KZC-TEST\Testen    00000000:00043214    2
    11:09:13.2715879 AM    2556    IRP_MJ_CREATE    C:\Users\Testen\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1366862648-1252281207-2246116676-1000\f732aefc1314782392aa10292a1c9146_22f7f393-6e49-409c-8860-aea2db746b80    NAME NOT FOUND    Desired Access: Generic Read, Dis, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a    KZC-TEST\Testen    00000000:00043214    2
    11:09:13.2719405 AM    2556    IRP_MJ_DIRECTORY_CONTROL    C:\Users\Testen\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1366862648-1252281207-2246116676-1000\f732aefc1314782392aa10292a1c9146_*    NO SUCH FILE    Type: QueryDirectory, Filter: f732aefc1314782392aa10292a1c9146_*    KZC-TEST\Testen    00000000:00043214    2
    11:09:13.2722434 AM    2556    IRP_MJ_DIRECTORY_CONTROL    C:\Users\Testen\AppData\Roaming\Microsoft\Crypto\RSA    NO MORE FILES    Type: QueryDirectory    KZC-TEST\Testen    00000000:00043214    2

    A few days before, I got this:
    11:28:27.1879989 AM     1928     IRP_MJ_CREATE     C:\Users\Testen\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1366862648-1252281207-2246116676-1000\f732aefc1314782392aa10292a1c9146_22f7f393-6e49-409c-8860-aea2db746b80     NAME NOT FOUND     Desired Access: Generic Read, Dis, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a
    11:28:27.1881452 AM     1928  IRP_MJ_CREATE     C:\Users\Testen\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1366862648-1252281207-2246116676-1000     SUCCESS     Desired Access: Read Data/List Directory, Synchronize, Dis, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
    11:28:27.1881885 AM     1928    IRP_MJ_DIRECTORY_CONTROL     C:\Users\Testen\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1366862648-1252281207-2246116676-1000\f732aefc1314782392aa10292a1c9146_*     NO SUCH FILE     Type: QueryDirectory, Filter: f732aefc1314782392aa10292a1c9146_*
    11:28:27.1882261 AM     1928    IRP_MJ_CLEANUP     C:\Users\Testen\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1366862648-1252281207-2246116676-1000     SUCCESS     
    11:28:27.1882548 AM     1928     IRP_MJ_CLOSE     C:\Users\Testen\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1366862648-1252281207-2246116676-1000     SUCCESS     

    On a Win7 desktop where it works, I got the following:
    12:19:38,4142812        4936    CreateFile    C:\Users\Ronald\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3295890218-3896570636-3941841341-1000\8f9ff801affff7e7fb8e03e052dc6aea_cae5bc2b-caf5-4782-9dd5-b374156fd2b1    SUCCESS    Desired Access: Generic Read, Dis, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
    12:19:38,4143176        4936    QueryStandardInformationFile    C:\Users\Ronald\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3295890218-3896570636-3941841341-1000\8f9ff801affff7e7fb8e03e052dc6aea_cae5bc2b-caf5-4782-9dd5-b374156fd2b1    SUCCESS    AllocationSize: 48, EndOfFile: 47, NumberOfLinks: 1, DeletePending: False, Directory: False
    12:19:38,4143296        4936    ReadFile    C:\Users\Ronald\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3295890218-3896570636-3941841341-1000\8f9ff801affff7e7fb8e03e052dc6aea_cae5bc2b-caf5-4782-9dd5-b374156fd2b1    SUCCESS    Offset: 0, Length: 47, Priority: Normal
    12:19:38,4143521        4936    CloseFile    C:\Users\Ronald\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3295890218-3896570636-3941841341-1000\8f9ff801affff7e7fb8e03e052dc6aea_cae5bc2b-caf5-4782-9dd5-b374156fd2b1    SUCCESS    

    Why doesn't it work?
    What can I do to make this work?

    Thanks in advance,

    RonVel
    Tuesday, December 23, 2014 2:27 PM
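
An added example, not part of the original post: one way to structure the provider acquisition so that a missing per-user key container is not fatal, assuming the program only encrypts with a key it imports and therefore needs no persisted private key. `AcquireRsaAesProvider` and `NTE_BAD_KEYSET_CODE` are hypothetical names, and the constants are declared locally from wincrypt.h and winerror.h so the program is self-contained.

```delphi
program AcquireProviderDemo;
{$APPTYPE CONSOLE}

uses
  Winapi.Windows, System.SysUtils;

type
  HCRYPTPROV = ULONG_PTR;

const
  // Values from wincrypt.h and winerror.h, declared here for self-containment.
  PROV_RSA_AES        = 24;
  CRYPT_NEWKEYSET     = $00000008;
  CRYPT_VERIFYCONTEXT = $F0000000;
  NTE_BAD_KEYSET_CODE = DWORD($80090016); // NTE_BAD_KEYSET, typed as DWORD

function CryptAcquireContext(out Prov: HCRYPTPROV; Container, Provider: PWideChar;
  ProvType, Flags: DWORD): BOOL; stdcall;
  external 'advapi32.dll' name 'CryptAcquireContextW';
function CryptReleaseContext(Prov: HCRYPTPROV; Flags: DWORD): BOOL; stdcall;
  external 'advapi32.dll' name 'CryptReleaseContext';

// Hypothetical helper. NeedPersistedKey = False requests a transient context
// that does not open a persisted key container; True keeps the
// open-or-create logic from the question.
function AcquireRsaAesProvider(NeedPersistedKey: Boolean): HCRYPTPROV;
var
  Err: DWORD;
begin
  if not NeedPersistedKey then
  begin
    Win32Check(CryptAcquireContext(Result, nil, nil, PROV_RSA_AES, CRYPT_VERIFYCONTEXT));
    Exit;
  end;
  if CryptAcquireContext(Result, nil, nil, PROV_RSA_AES, 0) then
    Exit;
  Err := GetLastError; // capture once, before another API call can overwrite it
  if Err = NTE_BAD_KEYSET_CODE then // DWORD compared with DWORD, no widening
    Win32Check(CryptAcquireContext(Result, nil, nil, PROV_RSA_AES, CRYPT_NEWKEYSET))
  else
    RaiseLastOSError(Integer(Err));
end;

var
  Prov: HCRYPTPROV;
begin
  Prov := AcquireRsaAesProvider(False);
  try
    Writeln('Provider acquired without a persisted key container');
  finally
    CryptReleaseContext(Prov, 0);
  end;
end.
```

Comparing the `GetLastError` result against a constant of the same unsigned type keeps the test independent of how `NTE_BAD_KEYSET` is declared in the unit that supplies it.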