Keyset does not exist WebApi X509 Self Signed Certificate

Last Modified: 2016-07-15
Hi All,

I have created a self-signed certificate for signing my JWT tokens for access to a web API.

Now (I think as my machine has restarted, but I'm not 100%) I am getting the error:

System.InvalidOperationException was unhandled by user code
  HResult=-2146233079
  Message=IDX10614: AsymmetricSecurityKey.GetSignatureFormater( 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' ) threw an exception.
Key: 'System.IdentityModel.Tokens.X509AsymmetricSecurityKey'
SignatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', check to make sure the SignatureAlgorithm is supported.
Exception:'System.Security.Cryptography.CryptographicException: Keyset does not exist

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
   at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
   at System.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(AsymmetricSecurityKey key, String algorithm, Boolean willCreateSignatures)'.
If you only need to verify signatures the parameter 'willBeUseForSigning' should be false if the private key is not be available.
  Source=System.IdentityModel.Tokens.Jwt
  StackTrace:
       at System.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(AsymmetricSecurityKey key, String algorithm, Boolean willCreateSignatures)
       at System.IdentityModel.Tokens.SignatureProviderFactory.CreateProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
       at System.IdentityModel.Tokens.SignatureProviderFactory.CreateForSigning(SecurityKey key, String algorithm)
       at System.IdentityModel.Tokens.JwtSecurityTokenHandler.CreateSignature(String inputString, SecurityKey key, String algorithm, SignatureProvider signatureProvider)
       at System.IdentityModel.Tokens.JwtSecurityTokenHandler.WriteToken(SecurityToken token)
       at TelematicusApi.ProvidersMyJwtFormat.Protect(AuthenticationTicket data) in c:\Users\bernie\Documents\Visual Studio 2013\Projects\Api\Providers\MyJwtFormat.cs:line 57
       at Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext.SerializeTicket()
       at Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerHandler.<InvokeTokenEndpointAsync>d__22.MoveNext()
  InnerException: System.Security.Cryptography.CryptographicException
       HResult=-2146893802
       Message=Keyset does not exist

       Source=mscorlib
       StackTrace:
            at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
            at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
            at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
            at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
            at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
            at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.get_PrivateKey()
            at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
            at System.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(AsymmetricSecurityKey key, String algorithm, Boolean willCreateSignatures)
       InnerException: 



which is being thrown here;

            var token = new JwtSecurityToken(
                _issuer,
                audienceId,
                data.Identity.Claims,
                issued.Value.UtcDateTime,
                expires.Value.UtcDateTime,
                x509SigningCredentials);

            var handler = new JwtSecurityTokenHandler();

            var jwt = handler.WriteToken(token);



This has happened before and following this link fixed the issue. However, it just seems to be short term.

http://stackoverflow.com/questions/12106011/system-security-cryptography-cryptographicexception-keyset-does-not-exist

Can anyone help me to solve this permanently?
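
A startup check for the failure shown in the stack trace above, added here as an example and not part of the original question or the project's code: it reads the same `X509Certificate2.PrivateKey` property the trace fails in and reports which Windows identity made the attempt and which key store holds the key. The class name, the thumbprint placeholder and the `LocalMachine\My` store are assumptions; the page does not say how the certificate is loaded.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class SigningKeyCheck   // hypothetical helper, not from the question
{
    // Placeholder: substitute the thumbprint of the JWT signing certificate.
    const string Thumbprint = "<SIGNING-CERT-THUMBPRINT>";

    public static string Diagnose(StoreName name, StoreLocation location)
    {
        // The identity matters: the key is opened as the process account, not as the developer.
        string who = WindowsIdentity.GetCurrent().Name;
        var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, false);
            if (found.Count == 0)
                return "certificate not found in " + location + "\\" + name;

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                return "certificate has no associated private key";
            try
            {
                // Same call as X509Certificate2.get_PrivateKey() in the trace.
                var rsa = cert.PrivateKey as RSACryptoServiceProvider;
                if (rsa == null)
                    return "private key is not a CSP-backed RSA key";
                CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
                return string.Format("OK: {0} opened the key; machine key store={1}; container={2}",
                    who, info.MachineKeyStore, info.UniqueKeyContainerName);
            }
            catch (CryptographicException ex)
            {
                // "Keyset does not exist" lands here: the certificate is present,
                // but this identity cannot open the key container it points to.
                return string.Format("FAIL: {0} cannot open the private key ({1})", who, ex.Message);
            }
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        Console.WriteLine(Diagnose(StoreName.My, StoreLocation.LocalMachine));
    }
}
```

Run it under the same account the web API runs as; a result that is OK for an interactive user but FAIL for the service account points at the key container's permissions or store location rather than at the JWT code.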