none
Error 8009001A RRS feed

  • Question

  • I am doing some developement work with TSL using SCHANNEL. It was working just fine for the longest time, but now it returns "Error 8009001A Keyset as registered is invalid" whenever I attempt to use type 12 (PROV_RSA_SCHANNEL) when calling CryptAcquireContext. If I change the type to 1 (PROV_RSA_FULL), I can EnumCspProvider, and it says that it is available:

    Provider Type    Provider Name
    -------------    -----------------
    1        Microsoft Base Cryptographic Provider v1.0
    13        Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
    3        Microsoft Base DSS Cryptographic Provider
    1        Microsoft Base Smart Card Crypto Provider
    18        Microsoft DH SChannel Cryptographic Provider
    1        Microsoft Enhanced Cryptographic Provider v1.0
    13        Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
    24        Microsoft Enhanced RSA and AES Cryptographic Provider
    12        Microsoft RSA SChannel Cryptographic Provider
    1        Microsoft Strong Cryptographic Provider

    What changed?

    J.A. Coutts

    Tuesday, June 11, 2013 7:03 AM

All replies

  • Solution found, but not the reason. Looking in the directory C:\Users\<userid>\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1856060642-3181273466-4167654928-1000 showed a file that corresponded to the date the problem started:

    06/10/13  11:17 PM             2,088 e9255a5a03cbd274a60d4014d38ca063_7658be33-9e33-47f7-8fcf-34573c36f76c

    Deleting this file corrected the problem. Now if I only knew why, it would help tremendously.

    J.A. Coutts

     

     

    Friday, June 14, 2013 1:14 AM
  • J.A.Coutts,

    I have been running into a similar problem and deleting the file seems to be a safe but tedious workaround.  Did you ever get any more information on a permanent fix for this?

    Steve


    Steve

    Thursday, June 27, 2013 8:40 PM
  • J.A.Coutts,

    I have been running into a similar problem and deleting the file seems to be a safe but tedious workaround.  Did you ever get any more information on a permanent fix for this?

    Steve


    Steve

    I believe that we discussed this same issue on another forum. And No, I have not found the reason. What I suspect is that somehow the default container was changed. Microsoft warns that the default container (non-user specific) should not be used, and my own programs use a user specific container under my own company name. But I was trying several other different programs, and it is quite possible that one of those used the default container and changed it.

    J.A. Coutts

    Friday, June 28, 2013 2:23 AM
  • Yea - we have talked before and thanks again....


    Steve

    Friday, June 28, 2013 1:02 PM
  • Hello Steve.

    I believe I have found out what is happening. When a Private Key is imported to a Key Container, that key is written to a file in a subdirectory of "C:\Users\<userID>\AppData\Roaming\Microsoft\Crypto\RSA\". Thereafter, every time a "CryptAcquireContext" call is made to that container, it attempts to read the contents of that file, and importing the Private Key again is not necessary. It can simply be recovered using the "CryptGetUserKey" call. If the contents of that file somehow become corrupted, we get an error. You need to find out why the file is getting corrupted.

    J.A. Coutts

    Thursday, July 18, 2013 5:33 PM
  • J.A. Coutts,

    This is through a third party that is affecting us.  I don't think we will ever know what causes the corruption.  Deleting the files in that folder seems safe and always works.

    Thanks for your help.

    Steve


    Steve

    Friday, July 19, 2013 1:11 PM