MS CNG NCryptSignHash returns 0x80090020

We’ve seen this error when trying to sign using a smart card:

    Acquired CNG private key.
    dwKeySpec: 0xffffffff
        setting smart card pin...
    Using PKCS1 padding.
    msCngSign.NCryptSignHash failed.
    failed to sign.
    secStatus: 0x80090020

The 0x80090020 error is a generic “NTE_FAILED: An internal error occurred”. See

To clarify: Chilkat calls the Microsoft CNG (Cryptographic Next Generation) API, and CNG interacts with the smart card CSP (Cryptographic Service Provider). In other words, it’s like this: Chilkat –> Microsoft CNG –> Atos CardOS API v5.4

The CNG function that is returning the error is NCryptSignHash. See

It seems that the error is caused by an expired smart card.

In a particular test case, the problem occurs for an expired smart card, but there is no problem for a non-expired smart card (using the same smart card vendor).