MS CNG NCryptSignHash returns 0x80090020
We’ve seen this error when trying to sign using a smart card:
msCngSignWithCert Acquired CNG private key. dwKeySpec: 0xffffffff key is CERT_NCRYPT_KEY_SPEC setSmartCardPin: setting smart card pin... --setSmartCardPin Using PKCS1 padding. msCngSign.NCryptSignHash failed. failed to sign. secStatus: 0x80090020 --msCngSignWithCert
The 0x80090020 error is a generic “NTE_FAILED: An internal error occurred”. See https://docs.microsoft.com/en-us/windows/desktop/com/com-error-codes-4
To clarify: Chilkat calls the Microsoft CNG (Cryptographic Next Generation) API, and CNG interacts with the smart card CSP (Cryptographic Service Provider). In other words, it’s like this: Chilkat –> Microsoft CNG –> Atos CardOS API v5.4
The CNG function that is returning the error is NCryptSignHash. See https://docs.microsoft.com/en-us/windows/desktop/api/ncrypt/nf-ncrypt-ncryptsignhash
It seems that the error is caused by an expired smart card.
In a particular test case, the problem occurs for an expired smart card, but there is no problem for a non-expired smart card (using the same smart card vendor).