Hi all,
The other day a customer of mine got this exception when trying to use AES algorithms with the EnvelopedCms class in their .NET 3.5 application:
Exception type: System.Security.Cryptography.CryptographicException
Message: An internal error occurred.
They got the exception on Windows Vista SP2/Server 2008 SP2 and later versions when using a third-party CSP. Why?
The EnvelopedCms class uses CAPI2 (CryptMsg* API) behind the scenes. CAPI2 requires a CNG provider for any algorithm that is not on this list:
CryptFindOIDInfo Function:
"Symmetric Encryption Algorithms:
- CALG_DES
- CALG_3DES
- CALG_RC2
- CALG_RC4
Algorithms that are not listed are supported by using Cryptography API: Next Generation (CNG) only;"
In the customer's scenario, the third-party CSP was a legacy CSP and not a CNG provider.
Summing up, if you want to work with, for example, the AES128, AES192 and AES256 algorithms, you will need a CNG provider.
Now, I will post about this in greater detail soon, but the EnvelopedCms class doesn't support CNG. So basically, we cannot use AES algorithms with that class under this scenario.
I hope this helps.
Regards,
Alex (Alejandro Campos Magencio)
PS: This post is related to this: "An internal error occurred" when using SHA-2 algorithms with SignedCMS. For any algorithms not included in CryptFindOIDInfo Function, we will have to use CNG instead of legacy providers.
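The scenario above as a diagnostic in C# for .NET 3.5 (an added example, not code from the original post): it round-trips a constructed payload through EnvelopedCms with 3DES and then AES-256 against one certificate and reports which stage fails. The class name, the thumbprint argument and the CurrentUser\My store location are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class EnvelopedCmsProbe   // hypothetical name, not from the post
{
    // 3DES is on the CryptFindOIDInfo list quoted above; AES-256 is not.
    const string TripleDesCbc = "1.2.840.113549.3.7";
    const string Aes256Cbc = "2.16.840.1.101.3.4.1.42";

    // Encrypts a constructed payload to the recipient, then decrypts it again.
    // Returns "ok", or the stage that failed plus the exception message.
    static string RoundTrip(X509Certificate2 cert, string algorithmOid)
    {
        string stage = "encrypt";
        try
        {
            byte[] plain = Encoding.UTF8.GetBytes("constructed sample payload");
            EnvelopedCms cms = new EnvelopedCms(new ContentInfo(plain),
                new AlgorithmIdentifier(new Oid(algorithmOid)));
            cms.Encrypt(new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cert));
            stage = "decrypt";
            EnvelopedCms received = new EnvelopedCms();
            received.Decode(cms.Encode());
            received.Decrypt(new X509Certificate2Collection(cert));
            string got = Convert.ToBase64String(received.ContentInfo.Content);
            return got == Convert.ToBase64String(plain) ? "ok" : "decrypted content differs";
        }
        catch (CryptographicException ex)
        {
            return stage + " failed: " + ex.Message;
        }
    }

    static void Main(string[] args)
    {
        // args[0] (assumption): thumbprint of a certificate with a private key in CurrentUser\My.
        if (args.Length != 1) { Console.WriteLine("usage: probe <thumbprint>"); return; }
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection found =
            store.Certificates.Find(X509FindType.FindByThumbprint, args[0], false);
        store.Close();
        if (found.Count == 0) { Console.WriteLine("certificate not found"); return; }
        Console.WriteLine("3DES   : " + RoundTrip(found[0], TripleDesCbc));
        Console.WriteLine("AES-256: " + RoundTrip(found[0], Aes256Cbc));
    }
}
```

Compile with a reference to System.Security.dll. With a key held in a legacy CSP, the AES-256 line is where the exception from this post would be expected to show up.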
Comments
- Anonymous
August 20, 2010
Will EnvelopedCMS be supporting AES any time soon?