Re: Error instantiating RSACryptoServiceProvider

21 Mar 2005 11:38 PM

Ignus Fast

Ping. Again. Has no-one really run into this? Does anyone from
Microsoft read these groups at all?!?!?!?

Ignus

Show quoteHide quote

"Ignus Fast" <j***@no.com> wrote in message
news:OgRsQJALFHA.3336@TK2MSFTNGP09.phx.gbl...
>    Please help me, I'm bleeding here! Problem outlined below:
>
>        Ignus
>
> "Ignus Fast" <j***@no.com> wrote in message
> news:eW6p2PpJFHA.3960@TK2MSFTNGP09.phx.gbl...
>>   I'm trying to instantiate an RSACryptoServiceProvider in a web service,
>> which works fine on my local machine. But when I move the web service
>> out to my production server, it blows up with the following error:
>>
>> System.Security.Cryptography.CryptographicException: CryptoAPI
>> cryptographic service provider (CSP) for this implementation could not be
>> acquired.
>>   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32
>> dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
>>   at
>> System.Security.Cryptography.RSACryptoServiceProvider..ctor(CspParameters
>> parameters)
>>
>>
>>    Things I've tried:
>>
>>        Using a CspProviderFlags objects to use the MachineKeyStore:
>>
>>                CspParameters cspParams = new CspParameters();
>>                cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
>>                rsacsp = new RSACryptoServiceProvider(cspParams);
>>
>>        Setting the ASPNET user to have full permissions to the
>> MachineKeys folder.
>>
>>        Originally I was just reading in the cert, then passing the
>> X509Certificate.PublicKey to SignedXml.CheckSignature(). This I thought
>> *should* have worked, since the CheckSignature method accepts an RSA, but
>> it always returned false (both locally and on the remote server). So I'm
>> exporting the 509Certificate.PublicKey data into an
>> RSACryptoServiceProvider, which works fine with
>> SignedXml.CheckSignature() locally, but always results in the above error
>> on the remote server.
>>
>>        Any suggestions?
>>
>>
>>
>
>

30 Mar 2005 10:34 PM

Suchita via DotNetMonster.com

Don't know whether you already got solution for this.
This may not be a solution for you, but I faced the similar problem when
instantiating RSACryptoServiceProvider on development web machine itself.
Since I didnt have any requirements to encrypt specifically using RSA
algorithm, used RC2 algorightm (using RC2CryptoServiceProvider) and it
works fine for me.

--
Message posted via http://www.dotnetmonster.com

31 Mar 2005 8:58 PM

Ignus Fast

I did actually find a solution, but I'm not sure I like it. I do
require a full RSA key, so I can't use RC2. But I found that for it to
work, I had to give the ASPNET user Full permission all the way back to the
"All Users" folder (full path = C:\Documents and Settings\All
Users\Application Data\Microsoft\Crypto\RSA\MachineKeys). Anything more
restrictive (up torward MachineKeys) would cause the instantiation of an
RSACryptoServiceProvider to fail.

I'd like to especially thanks Microsoft, who doesn't really appear to
give a crap if people get stuff working or not, unless they pay.

I'd also like to thank the developers at Microsoft who assume we would
always want the RSACryptoServiceProvider to automatically waste a bunch of
processor time generating a random key, even if we just want to put our own
key in it for signature validation.

:-p

Ignus

Show quoteHide quote

"Suchita via DotNetMonster.com" <fo***@DotNetMonster.com> wrote in message
news:5cb7eeda772a49afa2b4c9c3cf703ced@DotNetMonster.com...
> Don't know whether you already got solution for this.
> This may not be a solution for you, but I faced the similar problem when
> instantiating RSACryptoServiceProvider on development web machine itself.
> Since I didnt have any requirements to encrypt specifically using RSA
> algorithm, used RC2 algorightm (using RC2CryptoServiceProvider) and it
> works fine for me.
>
> --
> Message posted via http://www.dotnetmonster.com