by Marian Dvorsky [marian at step dot sk] posted on 2004/08/04
Hello,
I'm not sure whether this is an issue in the seclib library, but I'm posting this question here, since I did not find anything about it on other forums.
In our project, we generate certificate requests using XEnroll. We use the MS Enhanced provider and non-exportable keys (i.e. GenKeyFlags==0; this is an important thing here, because it works with exportable certificates). Then we use seclib to load this certificate from the certstore, where XEnroll saves it. Operations involving only the public key (encrypting/verifying) work as expected, but when we try to decrypt/sign something, we get the following exception:
System.Security.Cryptography.CryptographicException: Bad Key.
at System.Security.Cryptography.RSACryptoServiceProvider._DecryptKey(IntPtr hCSP, IntPtr hPubKey, Byte[] rgbKey, Int32 dwFlags)
at System.Security.Cryptography.RSACryptoServiceProvider.Decrypt(Byte[] rgb, Boolean fOAEP)
...
Everything works in Windows 2000 and Windows XP, but in Windows 98 and Windows NT 4.0 we have to generate exportable certificates. Any ideas?
Thanks.
Marian

by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2004/08/05
Yes, we're aware of that problem but unfortunately we can't do anything about it; it's a bug in the RSACryptoServiceProvider class. We've notified Microsoft about this and they promised to fix it in .NET 2.0.
If you really need to work with these nonexportable RSACryptoServiceProvider keys, you can use the hack we used for our SSL library (we initially had the same problem as you). Look for the RSAKeyTransform.cs class in the security library source code.