I am trying to create a self-signed certificate on the fly (programmatically) in a C# assembly (targeting .NET 4.0) to serve as the root CA for creating other certificates. The certificate should not be stored in the Windows certificate store; I export it as a file.
After reading this question (and, in particular, @dthorpe's answer), I decided to give CLR Security a try.
The CLR Security library provides an extension method on the CngKey class to create a self-signed certificate, but I could not succeed in creating an instance of CngKey with:
    var key = CngKey.Create(CngAlgorithm.Sha1); // same with Sha256, Sha512 and MD5
    // or
    var key = CngKey.Create(CngAlgorithm.Sha1, null, new CngKeyCreationParameters()
    {
        ExportPolicy = CngExportPolicies.AllowExport,
        KeyUsage = CngKeyUsages.AllUsages,
        KeyCreationOptions = CngKeyCreationOptions.MachineKey,
    });
Either of these lines throws an exception:
    System.Security.Cryptography.CryptographicException
    HResult = -2146893783
    = .
    Source=System.Core
    StackTrace:
        at System.Security.Cryptography.NCryptNative.CreatePersistedKey(SafeNCryptProviderHandle provider, String algorithm, String name, CngKeyCreationOptions options)
        at System.Security.Cryptography.CngKey.Create(CngAlgorithm algorithm, String keyName, CngKeyCreationParameters creationParameters)
        at System.Security.Cryptography.CngKey.Create(CngAlgorithm algorithm)
        at Tests.Program.Main(String[] args) at Program.cs:line 51
SO , :
- Windows 7 ( RPC MSDN)
- Windows Server 2012,
- admin ( , )
CNG Key Isolation Remote Procedure Call (RPC)
.
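Added example, not part of the original post and not CLR Security's own code: `CngKey.Create` generates a key pair, so it expects a key algorithm (ECDSA, RSA) rather than a hash identifier such as `CngAlgorithm.Sha1`. The sketch below creates unnamed, non-persisted keys that could then be handed to a certificate-creation routine. The `EphemeralCaKey` class and its helpers are hypothetical names, and the 2048-bit RSA size is an assumed choice.

```csharp
// Added example: uses only System.Core types available in .NET 4.0.
using System;
using System.Security.Cryptography;

static class EphemeralCaKey   // hypothetical helper class
{
    // Hash identifiers name digests, not key types, so no key pair
    // can be generated for them.
    static bool IsHashAlgorithm(CngAlgorithm a)
    {
        return a == CngAlgorithm.MD5 || a == CngAlgorithm.Sha1 ||
               a == CngAlgorithm.Sha256 || a == CngAlgorithm.Sha384 ||
               a == CngAlgorithm.Sha512;
    }

    // A null key name yields an ephemeral key: nothing is persisted
    // in the key storage provider.
    public static CngKey Create(CngAlgorithm algorithm, int? rsaBits)
    {
        if (IsHashAlgorithm(algorithm))
            throw new ArgumentException(
                "Expected a key algorithm (ECDSA, RSA), got a hash algorithm.",
                "algorithm");

        var p = new CngKeyCreationParameters
        {
            ExportPolicy = CngExportPolicies.AllowExport,
            KeyUsage = CngKeyUsages.Signing,   // a CA key only needs to sign
        };
        if (rsaBits.HasValue)   // RSA key size is set through the "Length" property
            p.Parameters.Add(new CngProperty("Length",
                BitConverter.GetBytes(rsaBits.Value), CngPropertyOptions.None));

        return CngKey.Create(algorithm, null, p);
    }

    static void Main()
    {
        using (CngKey ec = Create(CngAlgorithm.ECDsaP256, null))
        using (CngKey rsa = Create(new CngAlgorithm("RSA"), 2048))
        {
            Console.WriteLine("{0} {1} ephemeral={2}", ec.Algorithm, ec.KeySize, ec.IsEphemeral);
            Console.WriteLine("{0} {1} ephemeral={2}", rsa.Algorithm, rsa.KeySize, rsa.IsEphemeral);
        }
    }
}
```

`KeyUsage` is narrowed to `Signing` here instead of `AllUsages`, since a root CA key is only used to sign certificates.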