System.Security.Cryptography.CryptographicException: keyset does not exist

Question

When I make x509 certificate to encypt and decypt message, I got some error information and could not fix this problem. Could someone ever happend to solve this bug? thanks.

Answer 1

In my case the private key was stored in "C:\ProgramData\Microsoft\Crypto\Keys" and not machinekeys folder - you can check using certutil to find out the "Unique container name" that will be the private key.

I now scan through the crypto directory to find the match. WIth that match I can set the correct ACL on the appropriate file

Answer 2

The application might be trying to write to the following folder path: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

If your application is using impersonation or using the IUSR_MACHINENAME user, then configure the MachineKeys folder sercurities and give the user Read & Execute, List Folder Contents, Read, Write. If that doesn't work, try giving the Everyone user the same permissions.

Answer 3

Try running vs as Administrator. Worked for me

Answer 4

I ran into this error when I wasn't loading in the PrivateKey from my certificate into my signedXmlElement's SigningKey when trying to sign a SAML response.

signedElement.SigningKey = myCertificate.PrivateKey;

Answer 5

I did run into the same problem. The message is not ideal and in my case my user did not have permission to access the private key. You can fix this using these steps:

1. Open mmc
2. Add certificate snap-in
3. select the certificate you want to use
4. right click on it and select 'All Tasks' / 'Manage Private Keys...'
5. Add your user to the list of authorized users and allow 'Full Control'

Answer 6

I received same error as OP: "System.Security.Cryptography.CryptographicException: keyset does not exist"

The resolution (for me) was: Visual Studio needs to be (run as Admin)

As was explained to me(YMMV), VS needs to be run as Admin in order to extract the certificates private key from the key store, in order to negotiate auth/handshake with keyvault.