Using DoubleLock causes a CryptographicException
System.Security.Cryptography.CryptographicException: Access is denied.
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider.ExportCspBlob(Boolean includePrivateParameters)
at Thycotic.ihawu.Business.DoubleLock.Cryptography.KeyFactory.CreatePublicAndPrivateKeys(PublicKey& publicKey, PrivateKey& privateKey
This error is most likely a trust issue that can occur when running on a shared server from a hosting company.
The problem is that the RSACryptoServiceProvider method ToXmlString requires the permission
System.Security.Permissions.KeyContainerPermission
which demands Full Trust if you want to export the private parameters. Basically, your server is not giving you permission to export the private parameters because that would expose the private parameters of the entire machine, which could compromise security. The hosting company disabled it in the machine.config file by setting the trust level below Full, probably to Medium, and disabled overriding it in the web.config file. If the server were running at Full trust, it would work perfectly.
However, if you have full control over the server and you aren't working in a shared environment, it is a matter of setting the <trust /> element in the machine.config file or the web.config file (if it is overridable).
You will need to add the following line to the <system.web> section of the web.config file:
<trust level="Full" />
Unfortunately, if you are in a shared environment with a 3rd party hosting company that does not grant Full permission, then the Double Lock feature will not be accessible.
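To confirm that the trust level is what blocks the key export before changing any configuration, the check below can be called from a test page in the same application. It is an added example, not code from the product; the class name TrustCheck is hypothetical and .NET Framework 4.0 or later is assumed (for AppDomain.IsFullyTrusted).

```csharp
using System;
using System.Security;
using System.Security.Cryptography;

// Hypothetical diagnostic helper (added example, not part of the product).
// Call TrustCheck.Run() from a page hosted in the same application as the
// failing DoubleLock code so it runs under the same trust level.
public static class TrustCheck
{
    public static string Run()
    {
        // False when the host has set <trust level="..."/> below Full.
        bool fullTrust = AppDomain.CurrentDomain.IsFullyTrusted;

        string export;
        try
        {
            // Same operation as the failing frame in the stack trace:
            // create an RSA key pair and export it with private parameters.
            using (var rsa = new RSACryptoServiceProvider(2048))
            {
                byte[] blob = rsa.ExportCspBlob(true);
                export = "ok (" + blob.Length + " bytes)";
                Array.Clear(blob, 0, blob.Length); // wipe the private key material
            }
        }
        catch (SecurityException ex)
        {
            // A KeyContainerPermission demand failed under partial trust.
            export = "blocked by code access security: " + ex.Message;
        }
        catch (CryptographicException ex)
        {
            // The error reported in this article surfaces here.
            export = "CryptographicException: " + ex.Message;
        }

        return "Full trust: " + fullTrust + "; private key export: " + export;
    }
}
```

If the result reports that the application is not fully trusted and the export fails, the trust level described above is the cause.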
Article ID: 89, Created On: 3/18/2010, Modified: 3/18/2010