Thursday, June 18, 2009

Invalid provider type specified

I recently had the need to encrypt some items in an application configuration file to secure some account passwords that were being stored there. After consulting with Brad Turner, we decided to use an x509 certificate to provide the public and private keys needed for RSA encryption. He requested one from our local certificate authority for this purpose and placed it in the machine store. I was able to easily retrieve the cert and encrypt the data, however, I ran into some issues attempting to use it for decryption. While trying to do an explicit conversion from the x509Certificate2.PrivateKey property to an RSACryptoServiceProvider object:

    RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.PrivateKey;

I received an "Invalid provider type specified" error. I was unable to find anything related to this specific problem online, however, we were able to surmize that the error was refering to the cryptographic provider type used to create the certificate. Based on some previous experience, Brad knew that the new v3 template for certificates on Windows 2008 server can cause some issues for older technologies. After creating a new certificate using an older template (v2), this error was no longer an issue. This may be fixed with the 4.0 Framework, but be aware, if you are using 3.5 or older, you may run into this problem.

5 comments:

egjeg said...

I'm seeing what looks like the same issue. What steps do I need to take to request a V2 certificate in Win2008?

Rebecca Croft said...

egjeg, I asked our resident expert and this was their reply...

That is based solely on the template that the request is generated against. A v2 template will only issue v2 certs, v3 template only v3 certs, etc.

Please let me know if that doesnt help and I will try to find you some more information.

Nishant said...

yes you are right.


Work from home

Eugene Rosenfeld [MOSS MVP] said...

Thanks for a great post. I found that the desktop OS tends to have the issue here. I executed the same app with the same certificate on Vista and Windows Server 2003. Vista generated the error, Windows Server did not.

Rebecca Croft said...

Thanks Eugene! We came across this problem on Windows Server 2008 SP 2.