31 October 2007
CryptAcquireContext with CRYPT_SILENT flag
I tried to open a file. I got an access denied error. No problem, lemme check the ACL and finally the “effective permission”. Oh! I have full access. Hmmm... What could be wrong? OK, lemme see if the file is encrypted. Yes, it is. Do I have the corresponding certificate? Yes, the thumbprint matches the certificate available in my user store. So, what the heck could be wrong?
I spent hours debugging the problem. Here is what was happening-
I had exported the EFS certificate and, while importing it back, I had enabled strong private key protection. This option will give you a warning or ask for a password whenever the private key is accessed by any application. Since EFS runs as a service, it could not give the prompt and I was denied access to the file.
Moral of the story-
If you have an application that needs to access the private key of a certificate, take into consideration that the private key might have been protected by a password. This is very important for applications which run in service mode and call CryptAcquireContext with the CRYPT_SILENT flag.
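The following diagnostic is an added example, not code from the original post. It opens a key container through .NET with `CspProviderFlags.NoPrompt` (the managed counterpart of CRYPT_SILENT) and attempts a private key operation, so you can see in advance whether a service would be refused. The container name is a placeholder you must supply, and the provider type (PROV_RSA_FULL) and key spec (AT_KEYEXCHANGE) are assumptions.

```powershell
# Added example: check whether a private key can be used with no UI,
# as a service passing CRYPT_SILENT would use it. Run as the key's owner.
param(
    # Placeholder: the key container name of the certificate under test.
    [Parameter(Mandatory = $true)][string]$ContainerName
)

# NTE_SILENT_CONTEXT (0x80090022) as a signed 32-bit HRESULT.
$NTE_SILENT_CONTEXT = -2146893790

function Test-SilentKeyAccess {
    param([string]$Container)

    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.ProviderType     = 1            # PROV_RSA_FULL (assumed)
    $csp.KeyContainerName = $Container
    $csp.KeyNumber        = 1            # AT_KEYEXCHANGE (assumed)
    # NoPrompt maps to CRYPT_SILENT; UseExistingKey prevents .NET from
    # silently creating a new container when the name is wrong.
    $csp.Flags = [System.Security.Cryptography.CspProviderFlags]::NoPrompt -bor
                 [System.Security.Cryptography.CspProviderFlags]::UseExistingKey
    try {
        $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList $csp
        try {
            $probe = [System.Text.Encoding]::ASCII.GetBytes('silent-access-probe')
            $ct    = $rsa.Encrypt($probe, $false)   # public key only, never prompts
            $null  = $rsa.Decrypt($ct, $false)      # private key: would need UI if protected
        } finally {
            $rsa.Clear()                            # release the handle; the key persists
        }
        return 'OK: private key is usable without any prompt.'
    } catch {
        # New-Object wraps constructor errors, so walk to the innermost exception.
        $ex = $_.Exception
        while ($ex.InnerException) { $ex = $ex.InnerException }
        if ($ex.HResult -eq $NTE_SILENT_CONTEXT) {
            return 'BLOCKED: the key requires a prompt (strong private key protection); a silent caller is refused.'
        }
        return ('FAILED: 0x{0:X8} {1}' -f $ex.HResult, $ex.Message)
    }
}

Test-SilentKeyAccess -Container $ContainerName
```

A `BLOCKED` result means the key was imported with strong protection and should be re-imported without it for non-interactive use.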