docusign-esign-csharp-client: Enable use of .NET Core / Linux / Docker: Getting 'CspKeyContainerInfo' requires Windows Cryptographic API error

I’m developing aspnetcore2.2 application and using DucuSign SDK 3.1.3 When I invoke RequestJWTUserToken method from the VisualStudio(Windows machine) everything is okay, but when I try to invoke the same method from Docker I get the following error: ‘CspKeyContainerInfo’ requires Windows Cryptographic API (CAPI), which is not available on this platform.

System.PlatformNotSupportedException : 'CspKeyContainerInfo' requires Windows Cryptographic API (CAPI), which is not available on this platform.
Stack Trace:
  at System.Security.Cryptography.RSACryptoServiceProvider.get_CspKeyContainerInfo()
  at Microsoft.IdentityModel.Tokens.RSACryptoServiceProviderProxy..ctor(RSACryptoServiceProvider rsa) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.Tokens\RsaCryptoServiceProviderProxy.cs:line 74
  at Microsoft.IdentityModel.Tokens.AsymmetricAdapter.Initialize(RSA rsa, String algorithm) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.Tokens\AsymmetricAdapter.cs:line 305
  at Microsoft.IdentityModel.Tokens.AsymmetricAdapter..ctor(SecurityKey key, String algorithm, HashAlgorithm hashAlgorithm, HashAlgorithmName hashAlgorithmName, Boolean requirePrivateKey) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.Tokens\AsymmetricAdapter.cs:line 84
  at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.ResolveAsymmetricAdapter(SecurityKey key, String algorithm, Boolean requirePrivateKey) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.Tokens\AsymmetricSignatureProvider.cs:line 207
  at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.Tokens\AsymmetricSignatureProvider.cs:line 133
  at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.Tokens\CryptoProviderFactory.cs:line 442
  at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials) in C:\agent2\_work\56\s\src\Microsoft.IdentityModel.JsonWebTokens\JwtTokenUtilities.cs:line 69
  at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateJwtSecurityTokenPrivate(String issuer, String audience, ClaimsIdentity subject, Nullable`1 notBefore, Nullable`1 expires, Nullable`1 issuedAt, SigningCredentials signingCredentials, EncryptingCredentials encryptingCredentials) in C:\agent2\_work\56\s\src\System.IdentityModel.Tokens.Jwt\JwtSecurityTokenHandler.cs:line 504
  at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.CreateToken(SecurityTokenDescriptor tokenDescriptor) in C:\agent2\_work\56\s\src\System.IdentityModel.Tokens.Jwt\JwtSecurityTokenHandler.cs:line 466
  at DocuSign.eSign.Client.ApiClient.RequestJWTUserToken(String clientId, String userId, String oauthBasePath, Byte[] privateKeyBytes, Int32 expiresInHours, List`1 scopes)

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 19 (8 by maintainers)

Most upvoted comments

Hello, we think we found a fix today.

We have look at the code and especially the RequestJWTUserToken function (the problem is the same with RequestJWTApplicationToken but we don’t use it)

We have paste this function into our code to detect where the code crash exactly. The first crash was here

var provider = new RSACryptoServiceProvider(cspParameters);

Here the entire block of code :

#if NETSTANDARD2_0
         var provider = new RSACryptoServiceProvider();
#else
            var cspParameters = new CspParameters
            {
                Flags = CspProviderFlags.UseMachineKeyStore,
            };

            var provider = new RSACryptoServiceProvider(cspParameters);
#

We are in .NET Core but the NETSTANDARD2_0 IF was not used (disabled) So for testing we keep only this line :

var provider = new RSACryptoServiceProvider();

After that first fix, the code crash at this line :

var token = handler.CreateToken(descriptor);

So we have try to upgrade the System.IdentityModel.Tokens.Jwt Nuget Package from 5.3.0 to 5.4.0 and it works

Disclaimer : we only replace the RequestJWTUserToken part from the SDK by this fixed function.

We don’t know if this “fix” don’t cause any trouble at the rest of the SDK.

Thanks in advance Kind Regards

Rémi D. from Ineat Conseil

+2
odinnou on Mar 20, 2019

Hi All, sorry you guys are facing this issue. I have open an investigation ticket (DCM-3073), will be updating this channel with our progress.

+2
RajRele on Jan 18, 2019

Hi @RajRele, It works for me.

var userToken = docuSignClient.RequestJWTUserToken(
                             settings.ClientId,
                             settings.UserId,
                             settings.OAuthBasePath,
                             settings.PrivateKeyBytes,
                             settings.ExpiresInHours);

This use case who throw exception before on a MacOS system, works perfectly with the version 4.0.1-rc

+1
HulinCedric on Aug 10, 2019
Read more comments on GitHub
← docusign-esign-csharp-client: Could not load type 'System.IdentityModel.Tokens.JwtSecurityTokenHandler' from assembly 'System.IdentityModel.Tokens.Jwt
docusign-esign-node-client: Error trying to read form-data of signed document: 444 "The custom error module does not recognize this error" →