Subject: "Unable to generate XML signature." signing an assertion with a pfx created with the X509KeyStorageFlags.EphemeralKeySet flag
Date: 2021-01-06 14:58:26
From: danf879
Source: unable-generate-xml-signature-signing-assertion-pfx-created-x509keystorageflags-ephemeralkeyset-flag

We use the ComponentPro.Saml library in a .NET app running on an Azure Function.
We have run into issues several times in production when the host's %APPDATA%\Microsoft\Crypto\RSA\ folder fills to capacity and causes crashes.
In order to mitigate this, we have been testing creating the pfx with the X509KeyStorageFlags.EphemeralKeySet flag.
However, ComponentPro does not seem to support this when using the Sign function.

    byte[] bytes = Base64.Decode("secret");
    var coll = new X509Certificate2Collection();
    coll.Import(bytes, null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.EphemeralKeySet);
    X509Certificate2 pfx = coll[0];

    Assertion _samlAssertion = CreateSAMLAssertion(etc...);

    _samlAssertion.Sign(pfx);  // errors here
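
Added example, not part of the original post and not ComponentPro code: it loads a PFX with X509KeyStorageFlags.EphemeralKeySet, so that no key file is written under Crypto\RSA, and signs a document with the .NET framework's own SignedXml class, taking the key from GetRSAPrivateKey(). The throwaway certificate, the password and the sample document are constructed for the example; whether ComponentPro's Sign reads the key the same way is not stated in the post.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class EphemeralSigningExample
{
    // Signs doc with the key from a PFX loaded in memory only (no key file on disk).
    public static XmlElement Sign(XmlDocument doc, byte[] pfxBytes, string password)
    {
        // EphemeralKeySet is not supported on macOS (PlatformNotSupportedException).
        using (var cert = new X509Certificate2(pfxBytes, password, X509KeyStorageFlags.EphemeralKeySet))
        using (RSA key = cert.GetRSAPrivateKey()) // in-memory key, released on dispose
        {
            if (key == null) throw new InvalidOperationException("PFX has no RSA private key.");
            var signedXml = new SignedXml(doc) { SigningKey = key };
            signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
            signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
            var reference = new Reference("") { DigestMethod = SignedXml.XmlDsigSHA256Url };
            reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
            reference.AddTransform(new XmlDsigExcC14NTransform());
            signedXml.AddReference(reference);
            signedXml.ComputeSignature();
            return signedXml.GetXml();
        }
    }

    static void Main()
    {
        // Constructed test material: throwaway self-signed certificate and sample document.
        byte[] pfx;
        using (RSA rsa = RSA.Create(2048))
        using (var tmp = new CertificateRequest("CN=constructed-example", rsa,
                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
               .CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            pfx = tmp.Export(X509ContentType.Pfx, "example-password");

        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Assertion><Subject>constructed-user</Subject></Assertion>");
        doc.DocumentElement.AppendChild(doc.ImportNode(Sign(doc, pfx, "example-password"), true));

        // Verify the signature value only (no chain validation for the self-signed test cert).
        var check = new SignedXml(doc);
        check.LoadXml((XmlElement)doc.GetElementsByTagName("Signature")[0]);
        using (var pub = new X509Certificate2(pfx, "example-password", X509KeyStorageFlags.EphemeralKeySet))
            Console.WriteLine("Signature valid: " + check.CheckSignature(pub, true));
    }
}
```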



Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.
