m_safeCertContext is an invalid handle

c# digital-signature digital-certificate
Sergio picture Sergio · Jan 14, 2009 · Viewed 20.1k times · Source

I've been wrestling with a problem, maybe you guys can point me in the right direction.

I'm trying to digitally sign a pdf, on the webserver, over an https connection.

At page load i'm doing as so:

HttpClientCertificate cs = Request.ClientCertificate;
X509Certificate card = new X509Certificate(cs.Certificate);
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
 Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(card.GetRawCertData())};

I'm getting the error "m_safeCertContext is an invalid handle" at that last line of code.

Please note that:

  • I am getting the same error using 2 completely different certificates.
  • The certificate is being retrieved to the "card" variable ok.
  • I used to get the card to X509Certificate2 but i read yesterday somewhere I'm not being able to find that the error could be solved by casting as a X509Certificate and then downcasting to X509Certificate2. It was one of those "well... this does not makes any sense but i havent tried it yet" moments.
  • I have tried to add [System.Security.SecurityCritical, System.Security.SecurityTreatAsSafe] property to all methods and even the class to see if it would work... no such luck.

Can anyone one give me a hint?

Answer

DanM7 picture DanM7 · Nov 21, 2013

This can happen any time you access uninitialized fields in cryptography.

In your code, if Request.ClientCertificate returns an object with no raw certificate data then you will see the error when you call card.GetRawCertData() on your fourth line.

As a simple test, try the following:

var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2();
Console.WriteLine(cert.Thumbprint);

This will throw the following exception because there is no thumbprint available:

m_safeCertContext is an invalid handle.

with the given stack trace:

at System.Security.Cryptography.X509Certificates.X509Certificate.ThrowIfContextInvalid()
at System.Security.Cryptography.X509Certificates.X509Certificate.SetThumbprint()
at System.Security.Cryptography.X509Certificates.X509Certificate.GetCertHashString()
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_Thumbprint()
at MyEncryptionUtility.EncryptionUtilityForm.button1_Click(Object sender, EventArgs e) in C:\MyEncryptionUtility\EncryptionUtilityForm.cs:line 2864

Related questions

In C#, sign an xml with a x.509 certificate and check the signature

I'm trying to sign an XML file using a x.509 certificate, I can use the private key to sign the document and then use the CheckSignature method (it has an overload that receives a certificate as parameter) to verify the …

Read More
Digitally sign PDF files

I have a digital certificate that identifies an user. I need to use it to Digitally sign pdf files. Does anyone have an example that does not uses a third party component? I need to get this done but it …

Read More
Error occurred while decoding OAEP padding

While decrypting text using RSACryptoServiceProvider.Decrypt, I am getting the error: Error occurred while decoding OAEP padding. Here's my code: CspParameters cspParam = new CspParameters(); cspParam = new CspParameters(); cspParam.Flags = CspProviderFlags.UseMachineKeyStore; clsCertificates cc = new clsCertificates(); string a = ""; cc.OpenStoreIE(ref …

Read More