Could not acquire private key  
by Alvin
posted on 2004/05/09

I have problems with this exception. I can't even run the sample program AsymmetricCryptography for the same reason. Any suggestions?

by Pieter Philippaerts [Pieter at mentalis dot org]
posted on 2004/05/15

We were aware of problems with the PrivateKey property when called from a Windows Service [this problem has been fixed in the new security library we uploaded yesterday], so perhaps the fix solves the problem you're experiencing. Could you test the latest version of the library, and see whether it still throws the exception?

by Waqqas Farooq [mwaqqas at mail dot com]
posted on 2004/05/31

I am trying to connect using a .p12 certificate but I am stuck with the exception:
"Exception occurred while connecting: System.ArgumentException: If a certificate is specified, it must have a private key."

Please help me out. I have no previous experience in using SSL.

by Jim Hunt [jimh at netwasp dot com]
posted on 2004/06/14

Hi

I've got the same problem. The same set of calls to the CryptoAPI using C++ work but using .Net and the Mentalis library fail. Here's the C++:

// Open the "SPC" system store for the current user
hCertStore = CertOpenStore(
    CERT_STORE_PROV_SYSTEM,
    0,
    NULL,
    CERT_SYSTEM_STORE_CURRENT_USER,
    L"SPC");

// Find the signer certificate by subject string
pSignerCertContext = CertFindCertificateInStore(
    hCertStore,
    PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
    0,
    CERT_FIND_SUBJECT_STR,
    L"PhoneThemes",
    NULL);

// Acquire the provider handle for the certificate's private key
CryptAcquireCertificatePrivateKey(
    pSignerCertContext,
    0,
    NULL,
    &hProv,
    &dwKeySpec,
    NULL);

Which works. Here's the Mentalis calls:

CertificateStore cs = new CertificateStore("SPC");

Certificate cert = cs.FindCertificateBySubjectString("PhoneThemes");

HashAlgorithm algo = new MD5CryptoServiceProvider();
byte[] arybHash = algo.ComputeHash(aryData);

RSACryptoServiceProvider KeyCipher = (RSACryptoServiceProvider)cert.PrivateKey;

Which do not (the exception is thrown in the last call, "PrivateKey").

I'd really like to use the Mentalis library as it wraps up 50 lines of code into 5 but at the moment I will have to just P/Invoke the CryptoAPI.

Come on Mentalis, tell me what I'm doing that's stupid!

:)


by Jim Hunt [jim at netwasp dot net]
posted on 2004/06/14

Here's an update!

The problem actually turned out to be that the certificate had been added to the store under a non-LocalSystem account - in other words, my fault!

by Ant [wombat at mimetes dot com]
posted on 2004/06/21

Hmm, am having the same problem - how does one add a certificate to the store using the LocalSystem account? I tried reading a PFX file and had the same error - I'm not able to read the private key of a PFX file unless it was one I created.

by Bonstio [bonstio101 at hotmail dot com]
posted on 2005/05/09

HI HI

Same problem here! The certificate I am trying to get the private key from is one generated from EJBCA (in fact an ActiveX component in a browser generates the cert and sticks it in the Windows cert store).

Now, if I try and open the store and use the cert it tells me that I must have a private key (even though it clearly has one). However, if I export the cert (inc. private key) to a file and then re-import it, it works a treat.

So the question is, how can I get the Mentalis library to read the private key from this certificate without having to export and then reimport???

Thanks!

by Manoj [manoj dot andhappilly at medem dot com]
posted on 2005/08/05

Hi Bonstio,

I am not sure whether you have already resolved your issue with EJBCA generated certificate or not, but here is the clue. The pfx/p12 file generated by EJBCA has multiple certificates. This is because the end user certificate is generated by a CA and hence the pfx file includes the CA's certificate/certificates as well.

So the key here is to enumerate through all the certificates using the EnumCertificates() API of the CertificateStore and then check each certificate for the PrivateKey using the HasPrivateKey() API of the certificate. One of the certificates (almost always the last one) will have the PrivateKey.

Hope this helps.

Thanks,
Manoj
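
The enumeration described above, combined with the account issue reported earlier in the thread, as an added example that is not part of any post or of the Mentalis library. It uses only the Mentalis calls quoted in this thread; the namespace Org.Mentalis.Security.Certificates and the PrivateKeyProbe class are assumptions made for illustration.

```csharp
// Added example: separates "no key associated" from "key referenced but not acquirable".
// Assumption: the library's types live in Org.Mentalis.Security.Certificates.
using System;
using Org.Mentalis.Security.Certificates;

class PrivateKeyProbe // hypothetical helper, not part of the library
{
    // Returns the first certificate whose private key can actually be acquired, or null.
    public static Certificate FindUsable(CertificateStore store)
    {
        Certificate usable = null;
        foreach (Certificate cert in store.EnumCertificates())
        {
            string status;
            if (!cert.HasPrivateKey())
            {
                // Typical for the CA certificates bundled in a PFX/P12 file.
                status = "no private key associated";
            }
            else
            {
                try
                {
                    object key = cert.PrivateKey; // the call that throws in the posts above
                    status = "private key acquired";
                    if (usable == null) usable = cert;
                }
                catch (Exception ex)
                {
                    // The key is referenced but cannot be reached from this account,
                    // e.g. the certificate was added to the store under another account.
                    status = "key referenced but not acquirable: " + ex.Message;
                }
            }
            Console.WriteLine("{0} | issuer {1} | expires {2} | {3}",
                cert.GetName(), cert.GetIssuerName(), cert.GetExpirationDate(), status);
        }
        return usable;
    }

    static void Main()
    {
        // "SPC" is the store name used earlier in this thread; substitute your own.
        CertificateStore store = new CertificateStore("SPC");
        Certificate cert = FindUsable(store);
        Console.WriteLine(cert == null ? "No usable certificate found."
                                       : "Using: " + cert.GetName());
    }
}
```

Run it under the same account that the failing process uses (for a Windows Service, the service account), since the result depends on which account is asking.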

by Bonstio [spam at bonstio dot net]
posted on 2005/10/10

Hi Manoj,

Thanks for your reply.

This is exactly what I am doing already. Check the code. This builds a table of all certificates and works:

foreach (Certificate cert in store.EnumCertificates())
{
    dataSetCerts.Tables[0].Rows.Add(
        new string[] {
            cert.GetName().ToString(),
            cert.GetIssuerName().ToString(),
            cert.GetExpirationDate().ToString()
        }
    );
}


If I find the certificate which EJBCA generated (still by the ActiveX webpage component) and call HasPrivateKey() it returns false. :-/

Any ideas?

 

Copyright © 2002-2007, The Mentalis.org Team. All rights reserved.
This site is located at http://www.mentalis.org/