Reading an X.509 Certificate2 PrivateKey

Question

The following code is failing with the following message when trying to output the PrivateKey or PublicKey. (The Thumbprint will output fine.):

The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation.

If I run as local administrator, it works. How do I get around this issue.

fyi.. the certificate (pfx) is password protected--but not sure how to indicate that in this code snippet.

var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadOnly);
string thumbprint = "D80FB0BB6485B6A2DE647812C5AA72A8F7ABA14C";

X509Certificate2Collection certCollection = certStore.Certificates.Find(
    X509FindType.FindByThumbprint,
    thumbprint, false);

// Close the certificate store.
certStore.Close();

if (certCollection.Count == 0)
{
    throw new SecurityException(string.Format(CultureInfo.InvariantCulture, "No certificate was found for thumbprint {0}", thumbprint));
}
Console.WriteLine(certCollection[0].PrivateKey);

Answer 1

You need to grant that account the "Manage auditing and security log rights". See http://support.microsoft.com/kb/2000257/en-US for more information. That is quite strange for a certificate operation, though.

How to view permissions for RSA Key Container may be relevant here, since it discusses requiring the same privilege to access a private key.

The account may have the privilege but it may need to be enabled. See C# Random Exception when Getting / Setting Registry ACL "SeSecurityPrivilege" for sample code.