|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
X.509 "Bad Key" error - EnvelopedCms.Decrypt()I'm trying to put together a demo for signing/verifying/encrypting/decrypting documents via pkcs #7 in VS2005, as per instructions in http://msdn2.microsoft.com/en-us/library/ms180960(en-US,VS.80).aspx The problem I'm getting is that when I call envelopedCms.Decrypt(), the operation fails with an error message "Bad Key". The code in question: static public Byte[] DecryptMsg(byte[] encodedEnvelopedCms) { EnvelopedCms envelopedCms = new EnvelopedCms(); envelopedCms.Decode(encodedEnvelopedCms); envelopedCms.Decrypt(); //Here I get the "Bad Key" exception return envelopedCms.ContentInfo.Content; } I am using homegown certificates (makecert.exe) and have added the "homegrown" CA - Root Agency that the makecert tool created to all trusted roots, etc. but to no avail. Any ideas? I'm relatively new to programming with x.509 Regards, Ziga Hello Ziga,
i have a working example of a file encryptor/signer using the X509 classes - see if that works for you http://www.leastprivilege.com/CrypterPKBeta2.aspx --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com Show quoteHide quote > Hi! > > I'm trying to put together a demo for > signing/verifying/encrypting/decrypting documents via pkcs #7 in > VS2005, as per instructions in > http://msdn2.microsoft.com/en-us/library/ms180960(en-US,VS.80).aspx > > The problem I'm getting is that when I call envelopedCms.Decrypt(), > the operation fails with an error message "Bad Key". > > The code in question: > > static public Byte[] DecryptMsg(byte[] encodedEnvelopedCms) > { > EnvelopedCms envelopedCms = new EnvelopedCms(); > envelopedCms.Decode(encodedEnvelopedCms); > envelopedCms.Decrypt(); //Here I get the "Bad Key" > exception > return envelopedCms.ContentInfo.Content; > } > I am using homegown certificates (makecert.exe) and have added the > "homegrown" CA - Root Agency that the makecert tool created > to all trusted roots, etc. but to no avail. > Any ideas? I'm relatively new to programming with x.509 > > Regards, > > Ziga > Hi, Dominick!
Thanks for the sample, but I managed to get this far without a hitch. I can sign/verify, and encrypt without a problem. Where I crash is on encryptedMessage.Decrypt() where I get the infamous "Bad Key" error. The same happens with your demo, which leads me to believe it has something to do with my key settings or infrastructure. Where do you keep your keys and how do you generate them? Regards, Ziga Jakhel Show quoteHide quote "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> wrote in message news:42565460dff268c78715a8740e50@news.microsoft.com... > Hello Ziga, > > i have a working example of a file encryptor/signer using the X509 > classes - see if that works for you > http://www.leastprivilege.com/CrypterPKBeta2.aspx > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > >> Hi! >> >> I'm trying to put together a demo for >> signing/verifying/encrypting/decrypting documents via pkcs #7 in >> VS2005, as per instructions in >> http://msdn2.microsoft.com/en-us/library/ms180960(en-US,VS.80).aspx >> >> The problem I'm getting is that when I call envelopedCms.Decrypt(), >> the operation fails with an error message "Bad Key". >> >> The code in question: >> >> static public Byte[] DecryptMsg(byte[] encodedEnvelopedCms) >> { >> EnvelopedCms envelopedCms = new EnvelopedCms(); >> envelopedCms.Decode(encodedEnvelopedCms); >> envelopedCms.Decrypt(); //Here I get the "Bad Key" >> exception >> return envelopedCms.ContentInfo.Content; >> } >> I am using homegown certificates (makecert.exe) and have added the >> "homegrown" CA - Root Agency that the makecert tool created >> to all trusted roots, etc. but to no avail. >> Any ideas? I'm relatively new to programming with x.509 >> >> Regards, >> >> Ziga >> > > Hello Ziga Jakhel" ziga(dot)jakhel(at)rrc.si,
i used a W2K3 CA. well - if you use a X509Chain object, you can disable CRL checking... --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com Show quoteHide quote > Hi, Dominick! > > Thanks for the sample, but I managed to get this far without a hitch. > I can sign/verify, and encrypt without a problem. > > Where I crash is on encryptedMessage.Decrypt() where I get the > infamous "Bad Key" error. The same happens with your demo, which leads > me to believe it has something to do with my key settings or > infrastructure. > > Where do you keep your keys and how do you generate them? > > Regards, > > Ziga Jakhel > > "Dominick Baier [DevelopMentor]" > <dbaier@pleasepleasenospamdevelop.com> wrote in message > news:42565460dff268c78715a8740e50@news.microsoft.com... > >> Hello Ziga, >> >> i have a working example of a file encryptor/signer using the X509 >> classes - see if that works for you >> http://www.leastprivilege.com/CrypterPKBeta2.aspx >> >> --------------------------------------- >> Dominick Baier - DevelopMentor >> http://www.leastprivilege.com >>> Hi! >>> >>> I'm trying to put together a demo for >>> signing/verifying/encrypting/decrypting documents via pkcs #7 in >>> VS2005, as per instructions in >>> http://msdn2.microsoft.com/en-us/library/ms180960(en-US,VS.80).aspx >>> >>> The problem I'm getting is that when I call envelopedCms.Decrypt(), >>> the operation fails with an error message "Bad Key". >>> >>> The code in question: >>> >>> static public Byte[] DecryptMsg(byte[] encodedEnvelopedCms) >>> { >>> EnvelopedCms envelopedCms = new EnvelopedCms(); >>> envelopedCms.Decode(encodedEnvelopedCms); >>> envelopedCms.Decrypt(); //Here I get the "Bad Key" >>> exception >>> return envelopedCms.ContentInfo.Content; >>> } >>> I am using homegown certificates (makecert.exe) and have added the >>> "homegrown" CA - Root Agency that the makecert tool created >>> to all trusted roots, etc. but to no avail. >>> Any ideas? I'm relatively new to programming with x.509 >>> Regards, >>> >>> Ziga >>> Well... yes, I would definitely like to. But how can I use it with
decrypting?!? I've been banging my head about it since yesterday afternoon. Same goes for X509ChainPolicy, which is supposedly a propert of the X509Certificate2 object -- which of course has no like property. Regards, Ziga Show quoteHide quote "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> wrote in message news:42565460dffbc8c7871f5d88b67b@news.microsoft.com... > Hello Ziga Jakhel" ziga(dot)jakhel(at)rrc.si, > > > i used a W2K3 CA. > > well - if you use a X509Chain object, you can disable CRL checking... > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > >> Hi, Dominick! >> >> Thanks for the sample, but I managed to get this far without a hitch. >> I can sign/verify, and encrypt without a problem. >> >> Where I crash is on encryptedMessage.Decrypt() where I get the >> infamous "Bad Key" error. The same happens with your demo, which leads >> me to believe it has something to do with my key settings or >> infrastructure. >> >> Where do you keep your keys and how do you generate them? >> >> Regards, >> >> Ziga Jakhel >> >> "Dominick Baier [DevelopMentor]" >> <dbaier@pleasepleasenospamdevelop.com> wrote in message >> news:42565460dff268c78715a8740e50@news.microsoft.com... >> >>> Hello Ziga, >>> >>> i have a working example of a file encryptor/signer using the X509 >>> classes - see if that works for you >>> http://www.leastprivilege.com/CrypterPKBeta2.aspx >>> >>> --------------------------------------- >>> Dominick Baier - DevelopMentor >>> http://www.leastprivilege.com >>>> Hi! >>>> >>>> I'm trying to put together a demo for >>>> signing/verifying/encrypting/decrypting documents via pkcs #7 in >>>> VS2005, as per instructions in >>>> http://msdn2.microsoft.com/en-us/library/ms180960(en-US,VS.80).aspx >>>> >>>> The problem I'm getting is that when I call envelopedCms.Decrypt(), >>>> the operation fails with an error message "Bad Key". >>>> >>>> The code in question: >>>> >>>> static public Byte[] DecryptMsg(byte[] encodedEnvelopedCms) >>>> { >>>> EnvelopedCms envelopedCms = new EnvelopedCms(); >>>> envelopedCms.Decode(encodedEnvelopedCms); >>>> envelopedCms.Decrypt(); //Here I get the "Bad Key" >>>> exception >>>> return envelopedCms.ContentInfo.Content; >>>> } >>>> I am using homegown certificates (makecert.exe) and have added the >>>> "homegrown" CA - Root Agency that the makecert tool created >>>> to all trusted roots, etc. but to no avail. >>>> Any ideas? I'm relatively new to programming with x.509 >>>> Regards, >>>> >>>> Ziga >>>> > > Also... if I try to validate a certificate, it comes back as invalid because
the system cannot get/find/access a Certificate Revocation List for the publisher (Root Agency, the certs were generated with makecert). Any ideas how to get around this? Regards, Ziga Show quoteHide quote "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> wrote in message news:42565460dff268c78715a8740e50@news.microsoft.com... > Hello Ziga, > > i have a working example of a file encryptor/signer using the X509 > classes - see if that works for you > http://www.leastprivilege.com/CrypterPKBeta2.aspx > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > >> Hi! >> >> I'm trying to put together a demo for >> signing/verifying/encrypting/decrypting documents via pkcs #7 in >> VS2005, as per instructions in >> http://msdn2.microsoft.com/en-us/library/ms180960(en-US,VS.80).aspx >> >> The problem I'm getting is that when I call envelopedCms.Decrypt(), >> the operation fails with an error message "Bad Key". >> >> The code in question: >> >> static public Byte[] DecryptMsg(byte[] encodedEnvelopedCms) >> { >> EnvelopedCms envelopedCms = new EnvelopedCms(); >> envelopedCms.Decode(encodedEnvelopedCms); >> envelopedCms.Decrypt(); //Here I get the "Bad Key" >> exception >> return envelopedCms.ContentInfo.Content; >> } >> I am using homegown certificates (makecert.exe) and have added the >> "homegrown" CA - Root Agency that the makecert tool created >> to all trusted roots, etc. but to no avail. >> Any ideas? I'm relatively new to programming with x.509 >> >> Regards, >> >> Ziga >> > > Ok, the problem lies with makecert - generated certificates.
I generated one with Windows2003 CA, as Dominick has suggested and everything works nicely. Regards, Ziga Show quoteHide quote "Ziga Jakhel" <ziga(dot)jakhel(at)rrc.si> wrote in message news:%239P%230TPuFHA.3068@TK2MSFTNGP14.phx.gbl... > Also... if I try to validate a certificate, it comes back as invalid > because the system cannot get/find/access a Certificate Revocation List > for the publisher (Root Agency, the certs were generated with makecert). > > Any ideas how to get around this? > > Regards, > > Ziga > > > "Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com> > wrote in message news:42565460dff268c78715a8740e50@news.microsoft.com... >> Hello Ziga, >> >> i have a working example of a file encryptor/signer using the X509 >> classes - see if that works for you >> http://www.leastprivilege.com/CrypterPKBeta2.aspx >> >> --------------------------------------- >> Dominick Baier - DevelopMentor >> http://www.leastprivilege.com >> >>> Hi! >>> >>> I'm trying to put together a demo for >>> signing/verifying/encrypting/decrypting documents via pkcs #7 in >>> VS2005, as per instructions in >>> http://msdn2.microsoft.com/en-us/library/ms180960(en-US,VS.80).aspx >>> >>> The problem I'm getting is that when I call envelopedCms.Decrypt(), >>> the operation fails with an error message "Bad Key". >>> >>> The code in question: >>> >>> static public Byte[] DecryptMsg(byte[] encodedEnvelopedCms) >>> { >>> EnvelopedCms envelopedCms = new EnvelopedCms(); >>> envelopedCms.Decode(encodedEnvelopedCms); >>> envelopedCms.Decrypt(); //Here I get the "Bad Key" >>> exception >>> return envelopedCms.ContentInfo.Content; >>> } >>> I am using homegown certificates (makecert.exe) and have added the >>> "homegrown" CA - Root Agency that the makecert tool created >>> to all trusted roots, etc. but to no avail. >>> Any ideas? I'm relatively new to programming with x.509 >>> >>> Regards, >>> >>> Ziga >>> >> >> > > 
Other interesting topics
Custom Security Permission & Security Attribute troubles
RSACryptoServiceProvider Sending raw sockets without administrative privileges? WindowsPrincipal in a component used in classic ASP always returns the same identity Refresh .Net Framework policy Encrypting Logon Passwords Are .NET Caches Secure from Memory Dumps etc? Ensuring that calling assembly signed by certain keys NTFS file system folder permissions by using Active Directory Serv Authenticode |
|||||||||||||||||||||||
