I recently had the need to encrypt some items in an application configuration file to secure some account passwords that were being stored there. After consulting with Brad Turner, we decided to use an x509 certificate to provide the public and private keys needed for RSA encryption. He requested one from our local certificate authority for this purpose and placed it in the machine store. I was able to easily retrieve the cert and encrypt the data, however, I ran into some issues attempting to use it for decryption. While trying to do an explicit conversion from the x509Certificate2.PrivateKey property to an RSACryptoServiceProvider object:
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.PrivateKey;
I received an "Invalid provider type specified" error. I was unable to find anything related to this specific problem online, however, we were able to surmize that the error was refering to the cryptographic provider type used to create the certificate. Based on some previous experience, Brad knew that the new v3 template for certificates on Windows 2008 server can cause some issues for older technologies. After creating a new certificate using an older template (v2), this error was no longer an issue. This may be fixed with the 4.0 Framework, but be aware, if you are using 3.5 or older, you may run into this problem.