I'm using Crypto API's CryptAcquireContext function (https://docs.microsoft.com/en-us/windows/desktop/api/Wincrypt/nf-wincrypt-cryptacquirecontexta) to get access to my Certificate Store contained on my USB Token, and this is working like a charm! However, the CryptAcquireContext function is deprecated and the Crypto API documentation recommends the use of CNG to achieve the same results. All my problem [...]
I have written a custom credential provider and a key storage provider to do a custom logon for Windows where I use my smartphone instead of a card reader. The certificate is delivered to my key storage provider via Bluetooth and lsass.exe calls the SignHash function of my key storage provider. [...]
I am trying to use PowerShell to create a self-signed certificate for encrypting and decrypting data in a development environment. I am using the excellent New-SelfSignedCertificateEx PowerShell script. My OS is Windows 10 and I have the Windows Management Framework 5.0 installed. Here is the script: New-SelfSignedCertificateEx ` -Subject "CN=Test, [...]
I'm trying to import a persistent RSA public key into the key storage. I read on the CNG help page that it's possible for private keys and I wonder if I can also apply it to public keys (specifically the BCRYPT_RSAPUBLIC_BLOB). I've tried with the following code, but in the [...]
I practice using the Win32 APIs to do some crypto stuff. I began with the code demo found here. I compiled it with Visual 2017 under Windows 10 x64, and it worked fine. Then I tried to play a little with it: changing signature algo, hash algo and key storage. [...]
Every time I try to configure the Active Directory Certificate Services as Root-CA (Enterprise CA), I get the following error: "An error occurred when creating the new key container "XXX". Please make sure the CSP is installed correctly or select another CSP. The requested operation is not supported 0x80090029 (-2146893783 [...]
I am attempting to set the KeySpec flag on an existing certificate for use in a SQL Server encryption role. Current KeySpec is 0, and I need it to be a 1. The way to do this is by first exporting the cert, its private key, and key usages into [...]
I tried to export a private key from the certificate store with the CNG API. It works fine when exporting an RSA private key, but fails for an EC private key. The code failed in NCryptExportKey() with 0x80090029. Is there any document from MS that says exporting an EC private key is not supported? Or any sample code? [...]
Following the example of creating an identity server from the identityserver4 documents, I received the following exception on the line AddDeveloperSigningCredentials() System.Security.Cryptography.CryptographicException HResult=0x80090029 Message=The requested operation is not supported. Source=System.Core StackTrace: at System.Security.Cryptography.NCryptNative.ExportKey(SafeNCryptKeyHandle key, String format) at System.Security.Cryptography.CngKey.Export(CngKeyBlobFormat format) at System.Security.Cryptography.RSACng.ExportParameters(Boolean includePrivateParameters) at Microsoft.Extensions.DependencyInjection.IdentityServerBuilderExtensionsCrypto.CreateRsaSecurityKey() at Microsoft.Extensions.DependencyInjection.IdentityServerBuilderExtensionsCrypto.AddDeveloperSigningCredential(IIdentityServerBuilder builder, Boolean persistKey, String [...]
I've written a credential provider and a key storage provider to log on to Windows via certificate. As the documentation on this point is quite vague, I used different samples from Microsoft to get things working. I think I'm nearly there, but the logon behaves unpredictably. Sometimes I get through to [...]