Keyset does not exist WebApi X509 Self Signed Certificate
HI All,
I have created a self signed certificate for signing my JWT tokens for access to a web api.
Now (i think as my machine has restarted but i'm not 100%) I am getting the error;
which is being thrown here;
This has happened before and following this link fixed the issue. However, it just seem to be short term.
http://stackoverflow.com/questions/12106011/system-security-cryptography-cryptographicexception-keyset-does-not-exist
Can anyone help me to solve this permanantly?
I have created a self signed certificate for signing my JWT tokens for access to a web api.
Now (i think as my machine has restarted but i'm not 100%) I am getting the error;
System.InvalidOperationException was unhandled by user code
HResult=-2146233079
Message=IDX10614: AsymmetricSecurityKey.GetSignatureFormater( 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' ) threw an exception.
Key: 'System.IdentityModel.Tokens.X509AsymmetricSecurityKey'
SignatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', check to make sure the SignatureAlgorithm is supported.
Exception:'System.Security.Cryptography.CryptographicException: Keyset does not exist
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(AsymmetricSecurityKey key, String algorithm, Boolean willCreateSignatures)'.
If you only need to verify signatures the parameter 'willBeUseForSigning' should be false if the private key is not be available.
Source=System.IdentityModel.Tokens.Jwt
StackTrace:
at System.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(AsymmetricSecurityKey key, String algorithm, Boolean willCreateSignatures)
at System.IdentityModel.Tokens.SignatureProviderFactory.CreateProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at System.IdentityModel.Tokens.SignatureProviderFactory.CreateForSigning(SecurityKey key, String algorithm)
at System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateSignature(String inputString, SecurityKey key, String algorithm, SignatureProvider signatureProvider)
at System.IdentityModel.Tokens.JwtSecurityTokenHandler.WriteToken(SecurityToken token)
at TelematicusApi.ProvidersMyJwtFormat.Protect(AuthenticationTicket data) in c:\Users\bernie\Documents\Visual Studio 2013\Projects\Api\Providers\MyJwtFormat.cs:line 57
at Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext.SerializeTicket()
at Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerHandler.<InvokeTokenEndpointAsync>d__22.MoveNext()
InnerException: System.Security.Cryptography.CryptographicException
HResult=-2146893802
Message=Keyset does not exist
Source=mscorlib
StackTrace:
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(AsymmetricSecurityKey key, String algorithm, Boolean willCreateSignatures)
InnerException:
which is being thrown here;
var token = new JwtSecurityToken(
_issuer,
audienceId,
data.Identity.Claims,
issued.Value.UtcDateTime,
expires.Value.UtcDateTime,
x509SigningCredentials);
var handler = new JwtSecurityTokenHandler();
var jwt = handler.WriteToken(token);
This has happened before and following this link fixed the issue. However, it just seem to be short term.
http://stackoverflow.com/questions/12106011/system-security-cryptography-cryptographicexception-keyset-does-not-exist
Can anyone help me to solve this permanantly?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
The link above provides what is a PERMANENT solution unless you plan to keep changing certificates.
The logic is simple in order for the traffic to flow the private key MUST be installed in the local machine store and the certificate should also be in the Trusted Root to ensure it is a trusted certificate.
Once you follow the steps above and install the certificate (with private key) to the personal and trusted root stores you will be ok.
If you change the certificate with a new self-signed you will have to repeat the process.
The logic is simple in order for the traffic to flow the private key MUST be installed in the local machine store and the certificate should also be in the Trusted Root to ensure it is a trusted certificate.
Once you follow the steps above and install the certificate (with private key) to the personal and trusted root stores you will be ok.
If you change the certificate with a new self-signed you will have to repeat the process.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial