I want to use RSA to encrypt/decrypt some data using IIS's SSL certificate, from within a web service (WCF). I've managed so far to do this by using .NET security classes (RSACryptoServiceProvider/X509Certificate2): the client uses the server's certificate to encrypt the data, and the web service can use the private key (by granting permissions to the application pool identity accordingly) to decrypt it. This works fine for the situations when the certificate storage provider is CSP. Unfortunately, the certificate installed on the production server uses KSP, and the private key can only be accessed by using the CNG API. I found a library on CodePlex (Security.Cryptography) that exposes methods to access the private key, but couldn't make encryption/decryption work. I expect that the encryption process shouldn't change: encryption is done using the server's certificate, regardless of where/how its corresponding private key is stored. I can use the RsaCNG class to obtain the private key, but when I pass in the byte array obtained from the client as a parameter to the DecryptValue method, I get an Invalid parameter exception. Any ideas on how this problem should be approached?
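An added example, not part of the original post: a certificate-based RSA round trip that does not depend on whether the private key sits in a CSP or a KSP, using the framework's `GetRSAPublicKey()`/`GetRSAPrivateKey()` extension methods with the padding stated explicitly on both sides. It assumes .NET Framework 4.7.2 or later (or .NET Core), and the class name and the in-memory self-signed certificate are constructed stand-ins for the service and the IIS certificate.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CertRsaRoundTrip   // hypothetical name, for illustration only
{
    // Client side: only the public key from the server certificate is needed.
    static byte[] EncryptFor(X509Certificate2 cert, byte[] plaintext, RSAEncryptionPadding padding)
    {
        using (RSA pub = cert.GetRSAPublicKey())
            return pub.Encrypt(plaintext, padding);
    }

    // Server side: GetRSAPrivateKey() returns an RSA object for a CSP- or
    // KSP-stored key alike, so no cast to RSACryptoServiceProvider is needed.
    static byte[] DecryptWith(X509Certificate2 cert, byte[] ciphertext, RSAEncryptionPadding padding)
    {
        using (RSA priv = cert.GetRSAPrivateKey())
        {
            if (priv == null)
                throw new InvalidOperationException("No accessible RSA private key.");
            return priv.Decrypt(ciphertext, padding);
        }
    }

    static void Main()
    {
        // Constructed stand-in for the IIS certificate (self-signed, in memory).
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-example", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 cert = req.CreateSelfSigned(now.AddDays(-1), now.AddDays(1)))
            {
                byte[] secret = Encoding.UTF8.GetBytes("constructed sample payload");

                // Same padding on both sides: the round trip succeeds.
                byte[] ct = EncryptFor(cert, secret, RSAEncryptionPadding.OaepSHA1);
                byte[] pt = DecryptWith(cert, ct, RSAEncryptionPadding.OaepSHA1);
                Console.WriteLine(Encoding.UTF8.GetString(pt));

                // Different padding on each side: decryption is rejected.
                byte[] ctPkcs1 = EncryptFor(cert, secret, RSAEncryptionPadding.Pkcs1);
                try { DecryptWith(cert, ctPkcs1, RSAEncryptionPadding.OaepSHA1); }
                catch (CryptographicException e) { Console.WriteLine("Rejected: " + e.GetType().Name); }
            }
        }
    }
}
```

For a certificate taken from the machine store, the application pool identity still needs read permission on the private key, as the post describes for the CSP case.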

0 Answers