
I got this exception from the deployment machine, which didn't happen on my development machine. This is a .NET Framework website.

System.Security.Cryptography.CryptographicException: The system cannot find the file specified.

   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.Utils._CreateCSP(CspParameters param, Boolean randomKeyContainer, SafeProvHandle& hProv)
   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at Org.BouncyCastle.Security.DotNetUtilities.CreateRSAProvider(RSAParameters rp)
   at Box.V2.JWTAuth.BoxJWTAuth..ctor(IBoxConfig boxConfig)

In my case, one of the SDKs used in the website is reading an RSA private_keys.pem file. Looking into that SDK's code on GitHub:

    var pwf = new PEMPasswordFinder(this.boxConfig.JWTPrivateKeyPassword);
    AsymmetricCipherKeyPair key;
    using (var reader = new StringReader(this.boxConfig.JWTPrivateKey))
    {
        key = (AsymmetricCipherKeyPair)new PemReader(reader, pwf).ReadObject();
    }
    var rsa = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)key.Private);

The SDK works fine on my development machine, but not on the deployment machine. I don't know which specified file cannot be found; I think it is not the private_key.pem file.

So I searched around to try to find out how the cryptography works. Here is what I found; point out anything that is wrong. It seems like the CryptoAPI creates an RSA key container, and if the application level doesn't have the right access to the key container, it throws the exception. Is that the specified file the system is looking for?

If yes, how to fix it?

Feng
  • My biggest issue is I don't manage the deployment machine or IIS. Even though I found solutions to some similar issues, I can't just give them a try in IIS. I would like to learn more before I can guide IT on how to fix the issue. https://blogs.msdn.microsoft.com/duetsupport/2012/04/06/system-security-cryptography-cryptographicexception-the-system-cannot-find-the-file-specified/ – Feng Dec 10 '16 at 21:47

1 Answer


We had a similar issue at the office. A recent group policy update removed permissions from the %ProgramData%\Microsoft\Crypto\RSA\MachineKeys folder. Our application was creating a self-signed certificate with BouncyCastle. Users who had installed the application prior to the policy update were able to keep running the app. Users who installed the app after the update were unable to run the application. Using Process Monitor helped us identify what was happening (using Windows Explorer, we could see the file created, but the application didn't have list folder contents).

This group policy update was pushed to make the hard drive encryption ransomware applications unable to create the keys necessary to encrypt your drives. We will be working on a permanent solution to this issue that meets our security department's policies.

Tangurena
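
A diagnostic for the situation discussed in this thread, added here as an example; it is not code from the question, the answer, or the Box SDK. It assumes .NET Framework, and the names `KeyStoreProbe` and `Probe` are hypothetical. It creates and immediately deletes a throwaway RSA key container in the per-user store and in the machine store, then prints the ACL of the MachineKeys folder named in the answer, so the result can be handed to whoever manages the server.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Principal;

public static class KeyStoreProbe
{
    // Creates, then deletes, a throwaway RSA key container in the chosen store.
    public static string Probe(bool machineStore)
    {
        var csp = new CspParameters
        {
            KeyContainerName = "probe-" + Guid.NewGuid(), // constructed name, deleted below
            Flags = machineStore ? CspProviderFlags.UseMachineKeyStore
                                 : CspProviderFlags.NoFlags
        };
        try
        {
            using (var rsa = new RSACryptoServiceProvider(2048, csp))
            {
                rsa.ExportParameters(false); // makes sure the key pair really exists
                rsa.PersistKeyInCsp = false; // remove the container on Dispose
            }
            return "OK";
        }
        catch (CryptographicException ex) { return "FAILED: " + ex.Message.Trim(); }
    }

    public static void Main()
    {
        Console.WriteLine("Identity:      " + WindowsIdentity.GetCurrent().Name);
        Console.WriteLine("User store:    " + Probe(false));
        Console.WriteLine("Machine store: " + Probe(true));

        string dir = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
            @"Microsoft\Crypto\RSA\MachineKeys");
        try
        {
            // Explicit and inherited rules, with SIDs shown as account names where possible.
            var rules = new DirectoryInfo(dir).GetAccessControl()
                .GetAccessRules(true, true, typeof(NTAccount));
            foreach (FileSystemAccessRule r in rules)
                Console.WriteLine("  {0,-5} {1}: {2}",
                    r.AccessControlType, r.IdentityReference, r.FileSystemRights);
        }
        catch (UnauthorizedAccessException ex) { Console.WriteLine("Cannot read ACL: " + ex.Message); }
    }
}
```

The output only describes the account the code runs under, so for a website call `Probe` from inside the site (for example from a temporary diagnostic page) rather than from an administrator's console session.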