(RSACryptoServiceProvider) X509Certificate2.PrivateKey

  • Question

  • Hello!

    I'm trying to use a GDBurti (SafeSign) smartcard with .NET, but I got a problem.

    The following code line is throwing a CryptographicException:

    RSACryptoServiceProvider signAlg = (RSACryptoServiceProvider)cert.PrivateKey;

    "cert" is an X509Certificate2 object that is associated with a private key of a GDBurti smartcard.

    The complete stack is:

    The specified cryptographic service provider (CSP) does not support this key algorithm.

    at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
    at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
    at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
    at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()

    The code works well with Aladdin eToken and Rainbow IKey2000, but not with GDBurti smartcards.

    Any help will be appreciated.

    Thank you very much.

     

    Monday, May 15, 2006 8:03 PM

Answers

  • From the error message, the CLR is asking the smart card to create an RSA algorithm and the smart card is saying that it doesn't support RSA.  However, the certificate has an OID that the CLR is mapping to RSA -- which is why we're asking for it in the first place.  The bug could either be in the certificate itself (having an incorrect OID), or in the CLR (mapping the OID to the wrong algorithm).  What's the value of cert.GetKeyAlgorithm() ?

    -Shawn

    Tuesday, May 23, 2006 11:59 PM

All replies

  • Hello Shawn!

    Thanks for your reply.

    The value of cert.GetKeyAlgorithm() is "1.2.840.113549.1.1.1", which stands for "rsaEncryption(1)".

    I think it is a hardware problem (CSP implementation problem), because my code works with other hardware CSPs.

    Well, if you have any ideas, please tell me.

    Thank you very much!

    Bruno.
    Monday, June 5, 2006 3:24 PM
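
The check discussed in this thread, written out as an added example (not code from either poster): it separates a certificate whose key algorithm OID is not rsaEncryption from a CSP that rejects the key when it is opened. The class name, the use of the CurrentUser\My store and the thumbprint argument are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class KeyAlgorithmCheck   // hypothetical name, not from the thread
{
    // OID reported in the thread for the failing certificate (rsaEncryption).
    const string RsaEncryptionOid = "1.2.840.113549.1.1.1";

    public static string Diagnose(X509Certificate2 cert)
    {
        // Case 1: the certificate itself does not claim an RSA key.
        string oid = cert.GetKeyAlgorithm();
        if (oid != RsaEncryptionOid)
            return "Key algorithm OID is " + oid + ", not rsaEncryption.";

        if (!cert.HasPrivateKey)
            return "OID is rsaEncryption, but no private key is linked to the certificate.";

        try
        {
            // Same property access that throws in the question.
            AsymmetricAlgorithm key = cert.PrivateKey;
            RSACryptoServiceProvider rsa = key as RSACryptoServiceProvider;
            if (rsa == null)
                return "Private key opened, but as " + key.GetType().Name + ".";

            // Provider details help identify which CSP actually served the key.
            CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
            return "OK: provider '" + info.ProviderName + "', type " +
                   info.ProviderType + ", key number " + info.KeyNumber + ".";
        }
        catch (CryptographicException ex)
        {
            // Case 2: OID maps to RSA, but the CSP refuses the key.
            return "OID is rsaEncryption, but the CSP rejected the key: " + ex.Message;
        }
    }

    static void Main(string[] args)
    {
        // Assumption: args[0] is the thumbprint of a certificate in CurrentUser\My.
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates.Find(
                         X509FindType.FindByThumbprint, args[0], false))
                Console.WriteLine(cert.Subject + ": " + Diagnose(cert));
        }
        finally { store.Close(); }
    }
}
```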