Digital Signing/Decrypting with asymmetric key in medium trust .NET 4.0
-
18-03-2022 - |
Question
I have some files which I would like to sign digitally with my own certificate in ASP:NET. In 3.5 .NET (medium trust) I managed to do this, but when switching to .NET 4.0 in medium trust I have the System.Security exception:
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.KeyContainerPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.CodeAccessSecurityEngine.Check(CodeAccessPermission cap, StackCrawlMark& stackMark)
at System.Security.CodeAccessPermission.Demand()
at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
My code is:
X509Certificate2 certificate = null;
try
{
certificate = new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + licenceFile, licenceFilePass, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
if (certificate == null)
throw new Exception("The certificate is null!!!");
}
catch (Exception ex)
{
exception += "X509Certificate2 fail! Did not get certificate " + AppDomain.CurrentDomain.BaseDirectory + licenceFile;
exception += FormatException(ex);
goto SetError;
}
RSACryptoServiceProvider myRSASigner = null;
try
{
myRSASigner = (RSACryptoServiceProvider)certificate.PrivateKey;
if (myRSASigner == null)
{
throw new Exception("No valid cert was found");
}
doc = SignXmlFile(doc, myRSASigner);
catch (Exception ex)
{
exception += "SignXmlFile failed";
exception += FormatException(ex);
goto SetError;
}
The error occurs when I try to extract the PrivateKey of my own locally stored license file:
myRSASigner = (RSACryptoServiceProvider)certificate.PrivateKey;
I understand that I am missing the KeyContainerPermission, but for my own certificate? Unfortunatly, I also decrypt with another certificate and of course the same problem appears....
I can't raise the trust level, because the website is on a hosted server. I also doubt that I can convince my provider to install my own assembly in the GAC to do this...
No correct solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow