I've got a service which needs access to a private key.

I've been trying to retrieve the key from the currentservice location, but I get an exception when I try to get hold of the Current Service's "MY" store using the following code;

try
{
StoreLocation mentalisLocation = StoreLocation.CurrentService;

CertificateStore certStore =
new CertificateStore(mentalisLocation, "MY");

Certificate mentalisCert = certStore.FindCertificateByHash(hash);

// Convert the certificate from a mentalis certificate to a WSE certificate
cert = new X509Certificate(mentalisCert.Handle);

}
catch (Exception ex)
{
throw ex;
}

The exception gets thrown on the New CertificateStore() line. Looking at the code in the certifcate.cs this is due to an invalid handle coming back from the CryptoAPI.

Can anyone tell me what I'm doing wrong? Is there an alternative / better way of retireving a private key from within a service?

I've already tried doing this using MS WSE, but that doesn't seem to work with the LocalService setting (Just returns an empty certificate store regardless)

Jon

Service certificates are stores in the registry under the following location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Crytography\Services\<ServiceName>\SystemCertificates

Can you make sure that these keys exist? If they do not exist, that particular service has no certificate store installed [and this would result in an error when trying to open the store].