envelopedcms.decrypt access denied

When I try to decrypt a decoded envelopedcms I get an "Access Denied".

The same code with the same private key works on Windows7 and Windows 2008R2 but on Windows10 and Windows 2012R2 I get the "access denied".

The error is also reported in the security eventlog:

Provider name: Microsoft Software Key Storage Provider
Algorithm name: RSA
Key type: user key
Cryptographic operation: decrypt

Note that "Cryptographic operation: open" works without error.

What can be the problem?

I have tried using certutil to set the AT_KEYEXCHANGE flag in the private key, but this results in the following error:

C:\>certutil -user -importpfx mykey.pfx AT_KEYEXCHANGE
Enter PFX password:

Alg=2400 ==> a400
CertUtil: -importPFX command FAILED: 0x80090005 (-2146893819 NTE_BAD_DATA)
CertUtil: Bad Data.

Does anybody have any idea what the problem can be?

Thanks!