October 25, 2018

MS CNG NCryptSignHash returns 0x80090020

We’ve seen this error when trying to sign using a smart card:

msCngSignWithCert
    Acquired CNG private key.
    dwKeySpec: 0xffffffff
    key is CERT_NCRYPT_KEY_SPEC
    setSmartCardPin:
        setting smart card pin...
    --setSmartCardPin
    Using PKCS1 padding.
    msCngSign.NCryptSignHash failed.
    failed to sign.
    secStatus: 0x80090020
--msCngSignWithCert

The 0x80090020 error is a generic “NTE_FAILED: An internal error occurred”. See https://docs.microsoft.com/en-us/windows/desktop/com/com-error-codes-4

To clarify: Chilkat calls the Microsoft CNG (Cryptographic Next Generation) API, and CNG interacts with the smart card CSP (Cryptographic Service Provider). In other words, it’s like this: Chilkat –> Microsoft CNG –> Atos CardOS API v5.4

The CNG function that is returning the error is NCryptSignHash. See https://docs.microsoft.com/en-us/windows/desktop/api/ncrypt/nf-ncrypt-ncryptsignhash

It seems that the error is caused by an expired smart card.

In a particular test case, the problem occurs for an expired smart card, but there is no problem for a non-expired smart card (using the same smart card vendor).

 

admin
0
Tags :

Tags

ActiveX asp async asynchronous C# callbacks Delphi email Encryption error messages events exchange server FTP GMail HTTP IMAP IOS Java Linking MIME oauth2 Office365 pfx PHP pop3 port-forwarding regsvr32 release notes RSA SFTP smartcard SMTP socket SSH SSL TLS tunnel upload vb6 VBScript VC++ x64 xades XML zip