CryptographicException: Couldn't acquire crypto service provider context.

Question

Reposting from http://www.mentalis.org/forum/thread.qpx/971 because I need an answer. I hope you guys can help me out.

The component in question is Org.Mentalis.SecurityServices.dll.

---

Hey all. I'm having troubles.

CryptographicException: Couldn't acquire crypto service provider context.

StackTrace:

at Org.Mentalis.SecurityServices.Cryptography.CryptoHandle.CreateInternalHandle(IntPtr handle, String container)
at ORG.Mentalis.SecurityServices.Cryptography.CryptoHandle.get_Handle()
at Org.Mentalis.SecurityServices.Cryptography.RC4CryptoServiceProvider.ctor()
at <place in my app where I try to create the RC4 CryptoServiceProvider>

I had to copy that exception trace by hand, from a screenshot sent to me by a client.

Essentially, I have created a .NET 3.5 WinForms application for XP that uses the RC4CryptoServiceProvider to load encrypted user details from an .ini file on startup. It's worked fine for months.

About a week ago, I got this exact exception message on my computer. I did some hunting online, but couldn't find much - everything I found was related to websites.

I eventually stumbled on a workaround that got things working on my computer. When I deleted the files from the following three folders:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\token\

C:\Documents and Settings\my_username\Application Data\Microsoft\Crypto\RSA\token\

The problem went away. The folders re-populated with new information the next time I ran the application.

I had thought this was just something unique to my own development environment - that I had downloaded something weird that corrupted my cryptographic files and folders. It's not a field in which I am an expert - I just use the component, and it Just Works. Well... Up until now.

The problem is, one of my company's clients has just recently started experiencing the same error, and I'm not comfortable asking them to just clear out their Crypto files without being able to justify why. Also, it would seem that this wasn't due to something odd that I downloaded, as this exception is arising on a series of commercial Terminal Servers.

I've been looking around for support on this issue, but I'm not having much luck. I'll keep looking around. Can anyone out there shed some light on the situation?

Thanks for your time.

Answer 1

Do you know if your clients have the CSPs installed on their computer? Older versions of Windows won't have certain CSPs installed. It's also possible that they're running a foreign version of Windows that doesn't support strong cryptography (I'm thinking the French version might not be allowed to have all of them.)

Another possibility might be permissions. Maybe the process running the code is no longer running with administrative authority, or the authority associated with your account changed.

Answer 2

The Mentalis library should really be setting the CRYPT_VERIFYCONTEXT flag when calling CryptAcquireContext. Since they are not, each instance of RC4CryptoServiceProvider creates a handle to the default persistent key container (which is stored in the file you located with procmon).

Are you creating keys in multiple threads (or from multiple processes)? A wild guess would be that you are having some problems with locking of the file.