Getting exception "Invalid Signature" when accessing PrivateKey's property of X509Certificate2

  • Question

  • Hello,

    I'm trying to sign an XML, but when I try to access the PrivateKey property of my X509Certificate2 instance, I get this exception:

    'certificado.PrivateKey' threw an exception of type 'System.Security.Cryptography.CryptographicException'


       at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
       at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
       at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
       at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
       at System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters parameters)
       at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
       at NFSeUtilPBH.AssinaturaXML.Assinar(XmlDocument doc, X509Certificate2 certificado, String tag) in D:\tmp\NFe\Compo\Fontes\NFSeUtilPBH\AssinaturaXML.cs:line 53
       at NFSeUtilPBH.NFSeUtilPBHClass.AssinarXML(XmlDocument conteudoXML, String tagAssinar, Int32& codRetorno) in D:\tmp\NFe\Compo\Fontes\NFSeUtilPBH\NFSeUtilPBHClass.cs:line 39

    For getting the certificate's instance, I do this:

    // Requires: using System; using System.Security.Cryptography.X509Certificates;
    // (X509Certificate2UI needs a reference to System.Security.dll)
    X509Certificate2 _X509Cert = new X509Certificate2();
    try
    {
        X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
        // Keep only certificates that are inside their validity period...
        X509Certificate2Collection collection1 = (X509Certificate2Collection)collection.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
        // ...and, of those, the ones usable for digital signature
        // (chained on collection1 so the validity filter is actually applied).
        X509Certificate2Collection collection2 = (X509Certificate2Collection)collection1.Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, false);
        // Let the user pick exactly one certificate.
        X509Certificate2Collection scollection = X509Certificate2UI.SelectFromCollection(collection2, "Certificado(s) Digital(is) disponível(is)", "Selecione o Certificado Digital para uso no aplicativo", X509SelectionFlag.SingleSelection);
        if (scollection.Count == 0)
            throw new CertificadoDigitalException("Nenhum certificado escolhido");
        _X509Cert = scollection[0];
        return _X509Cert;
    }
    catch (System.Exception ex)
    {
        throw new CertificadoDigitalException(ex.Message);
    }
    Note: _X509Cert = certificado in the exception's message.

    With this code, a window appears and I select my certificate (it's a USB token).

    If someone has an idea, thank you very much, and sorry for my poor English.

    Visual Studio 2008 Team System / C# 3.0 / .NET 3.5 / ASPNET / Win7
    Monday, November 9, 2009 11:12 PM


  • Hi!

    I have upgraded the driver of my USB token (ePass2000 - Pronova) to the last version and the problem has been solved.

    Without code modification, now it's working fine!

    Thanks for your time.

    Best regards.
    Christophe T. Chavey.
    • Marked as answer by ChristopheBHMG Tuesday, November 10, 2009 5:32 PM
    Tuesday, November 10, 2009 5:32 PM
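
A way to tell a provider or driver fault like the one in this thread apart from a fault in the signing code, as an added example that is not part of the original posts: it opens the private key of every certificate in CurrentUser\MY, the same getter that fails in the stack trace, and reports the CSP name or the error code. The class name PrivateKeyProbe is hypothetical, and a token may prompt for its PIN when its key is opened.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (hypothetical class name), written for .NET Framework.
static class PrivateKeyProbe
{
    static string Probe(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            return "no private key associated";
        try
        {
            // Same call that fails in the stack trace: the getter opens the
            // key container through the CSP (for a token, its middleware).
            AsymmetricAlgorithm key = cert.PrivateKey;
            RSACryptoServiceProvider rsa = key as RSACryptoServiceProvider;
            if (rsa == null)
                return "key opened (" + key.GetType().Name + ")";
            CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
            return "OK provider='" + info.ProviderName + "' hardware="
                   + info.HardwareDevice + " removable=" + info.Removable;
        }
        catch (CryptographicException ex)
        {
            // A failure here happens before any signing code runs, so look at
            // the provider, driver, key container or permissions first.
            return "FAILED 0x" + Marshal.GetHRForException(ex).ToString("X8")
                   + " " + ex.Message.Trim();
        }
    }

    static void Main()
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            foreach (X509Certificate2 cert in store.Certificates)
                Console.WriteLine("{0} [{1}]: {2}", cert.Subject, cert.Thumbprint, Probe(cert));
        }
        finally
        {
            store.Close();
        }
    }
}
```

If software-backed certificates report OK while the token's certificate reports FAILED, the signing code is not the cause.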
