RE: Signing using X509 certificates

From: Bob Flanders (semuhphor_at_msn.mock.com)
Date: 09/30/04 

Date: Thu, 30 Sep 2004 09:21:01 -0700

How did you install your certificate? What store did you put it in?

There are a lot of messages about setting the security on the
"MachineKeys" folder and subsequent responses indicating that the
resetting security has no effect, but if you installed the cert in the
Local Machine/Personal folder, it is because the certificates are not
in "MachineKeys", they are in the folder RSA/S-1-{MoreValuesHere}
folder.

So, to get access to the keys, look for the folder:

\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\S-1-...
 
folder(s). Look at the dates on the files in the folder(s) to see when
the cert was installed. If a file with the correct date in in a
folder, set the permissions on the folder (with appropriate
inheritance for children) and try your app again. This worked for me.

(In my case, my app worked fine on XP, but when I tried to install and
run it on Win2003, the "cannot find" error started to occur. It took a
couple of days of playing and searching to come up with this answer.)

"Raj" wrote:

> Hi,
> Iam trying to sign XML messages using X509 certificate.The problem Iam
> facing is extracting the private key out of the X509 certificate ..I know
> that the private key is not stored as part of the .cer files but shouldn't it
> be part of the .pl2 files .I tried with that format as well but no luck..All
> Iam trying to do is as below and use the created "Key" for signing later..
>
> X509Certificate cert =
> X509Certificate.CreateCertFromFile("c:\\a.cer");
> RSACryptoServiceProvider Key = new RSACryptoServiceProvider();
> RSAParameters private = cert.Key.ExportParameters( true );
> Key.ImportParameters( private );
>
> but Iam getting errors saying that
>
> "System.ComponentModel.Win32Exception : Cannot find the certificate and
> private key for decryption" when I try to set the exportParameters to true..
>
> Any thoughts?
>

Relevant Pages

  • Re: SP 2 questions
    ... >> 5 - Change any Cookies and/or Custom Level Security settings in IE ... >> 7 - Add any Items to my Favorites folder in IE ... You already have the Windows Messenger Service - ... > 6 months and sooner or later you will either install it or start not being ...
    (microsoft.public.windowsxp.general)
  • Re: Cannot install fax services
    ... | wizard to that folder ... | 6.Right-click Security and Configuration and Analysis, ... | restarted the pc and installed the faxservices. ... | Subject: Re: Cannot install fax services ...
    (microsoft.public.windowsxp.print_fax)
  • RE: Change Macro Security Settings to Low during Custom Setup
    ... A) install office 2003 as normal, ... modify the macro security setting in each account. ... Open the folder for the user you logged in as to lower security settings ...
    (microsoft.public.office.setup)
  • Reinstalling WMP
    ... I don't know what the permissions were reset to. ... I tightened up the security on it and figured I'll ... reinstall by editing the .inf files that came with the WMP install package. ... Change the line to the new folder. ...
    (microsoft.public.security)
  • Re: Cannot install fax services
    ... wizard to that folder ... 6.Right-click Security and Configuration and Analysis, ... Subject: Cannot install fax services ... You cannot add a Windows component in Windows XP ...
    (microsoft.public.windowsxp.print_fax)
Quantcast