Forums, Documentation & Knowledge Base - ComponentSpace

XML decryption and CryptographicException: Bad Key


https://componentspace.com/forums/Topic1881.aspx

By ComponentSpace - 1/20/2016

A CryptographicException: Bad Key error may occur whilst attempting to decrypt an encrypted SAML assertion.
If the decryption key is stored in a PFX file, ensure the key is marked for encryption and signature usage rather than just signature usage. This is the -sky exchange option when using the Microsoft makecert tool.
If this wasn't specified at PFX creation time, the following commands may be used to set this option.


openssl pkcs12 -in sp.pfx -out sp.pem
openssl pkcs12 -export -in sp.pem -out good-sp.pfx -keyex