kazuser

Reputation: 316

NCryptOpenStorageProvider + KeyIso

Restarting the service after opening the provider breaks the connection and forces you to restart the entire application.

Step by step:

  1. Open the provider NCryptOpenStorageProvider(myProvider, MS_KEY_STORAGE_PROVIDER, 0) — will be "00000000" (ERROR_SUCCESS)

  2. Restart the CNG Key Isolation service

  3. Reopen the provider NCryptOpenStorageProvider(myProvider, MS_KEY_STORAGE_PROVIDER, 0) — will be "80070006" (ERROR_INVALID_HANDLE)

How to properly reopen the provider after restarting the service without restarting the application?

Upvotes: -1

Views: 159

Answers (1)

RbMm

Reputation: 33706

When you first call

NCryptOpenStorageProvider(&hProvider, MS_KEY_STORAGE_PROVIDER, 0);

ncryptprov.dll is loaded, and when its function MsProvCryptOpenProvider_KeyIso (it is the NCryptOpenStorageProviderFn from NCRYPT_KEY_STORAGE_FUNCTION_TABLE) is called for the first time (MsProvCryptOpenProvider_KeyIso is called every time you open MS_KEY_STORAGE_PROVIDER), it calls KeyIsoServerBind and caches a handle to the KeyIso service, which of course becomes invalid after a service restart. As far as I can see, KeyIsoServerUnbind (an internal function in ncryptprov.dll) is called only when ncryptprov.dll is unloaded, and ncrypt itself never unloads already loaded providers, even after all handles to them have been closed (via NCryptFreeObject). So there is really no way to fix this without a process restart.

However, I note that some Windows built-in components are also affected. When I lock the workstation and then try to unlock it by using the PIN provider, I get the following error: (screenshot not preserved)

Upvotes: 1
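The practical consequence of the answer is that a long-running process hosting CNG keys cannot repair the binding itself, so it should at least detect the condition and fail visibly. The following PowerShell is an added example, not code from the question or the answer: it P/Invokes the two ncrypt.dll calls discussed above, re-opens and frees MS_KEY_STORAGE_PROVIDER, and classifies the status code using the two values the question reports (ERROR_SUCCESS and 0x80070006). The mapping of 0x80070006 to "restart the process" is the answer's conclusion; the function and object names (Test-KspBinding, Cng.Native) are my own.

```powershell
# Added example, not part of the original question or answer.
# Detects the stale KeyIso binding described above: after the CNG Key Isolation
# service restarts, a re-open of MS_KEY_STORAGE_PROVIDER in the same process
# returns 0x80070006. Per the answer, that binding cannot be reset in-process,
# so the only remediation is to restart the hosting process.
Add-Type -Namespace Cng -Name Native -MemberDefinition @'
[DllImport("ncrypt.dll", CharSet = CharSet.Unicode)]
public static extern int NCryptOpenStorageProvider(out IntPtr phProvider, string pszProviderName, uint dwFlags);

[DllImport("ncrypt.dll")]
public static extern int NCryptFreeObject(IntPtr hObject);
'@

$MS_KEY_STORAGE_PROVIDER = 'Microsoft Software Key Storage Provider'
$ERROR_SUCCESS           = 0x00000000
$ERROR_INVALID_HANDLE    = 0x80070006   # HRESULT form reported in the question

function Test-KspBinding {
    <#
      Opens and immediately frees the Microsoft KSP and classifies the result.
      Returns an object with the raw status, the KeyIso service state, a short
      cause and the action the hosting process should take.
    #>
    $hProvider = [IntPtr]::Zero
    $status = [Cng.Native]::NCryptOpenStorageProvider([ref]$hProvider, $MS_KEY_STORAGE_PROVIDER, 0)

    if ($status -eq $ERROR_SUCCESS) {
        # Release the provider handle; as the answer notes, this does not unload ncryptprov.dll.
        [void][Cng.Native]::NCryptFreeObject($hProvider)
        $cause  = 'KeyIso binding usable'
        $action = 'None'
    } elseif ($status -eq $ERROR_INVALID_HANDLE) {
        $cause  = 'Cached KeyIso binding is stale (service restarted after the first open)'
        $action = 'RestartProcess'
    } else {
        $cause  = 'Other NCrypt failure'
        $action = 'Investigate'
    }

    [pscustomobject]@{
        Status      = ('0x{0:X8}' -f $status)   # negative Int32 prints as its HRESULT, e.g. 0x80070006
        KeyIsoState = (Get-Service -Name KeyIso).Status
        Cause       = $cause
        Action      = $action
    }
}

Test-KspBinding | Format-List
```

Run it once at startup and again from a periodic health check; a transition from Action = None to Action = RestartProcess while KeyIsoState is Running is exactly the scenario in steps 1 to 3 of the question, and the check lets the host exit and be restarted by its service manager instead of silently failing every subsequent key operation.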
