Subject: "Unable to generate XML signature." signing an assertion with a pfx created with the X509KeyStorageFlags.EphemeralKeySet flag Date: 2021-01-06 14:58:26 From: danf879 Source: unable-generate-xml-signature-signing-assertion-pfx-created-x509keystorageflags-ephemeralkeyset-flag ---------------------------------------------------------------------- Hi! We use the ComponentPro.Saml library in a .NET app running on an Azure Function. We have run into issues several times in production when the hosts %APPDATA%\Microsoft\Crypto\RSA\ folder fills to capacity and causes crashes. In order to mitigate this, we have been testing creating the pfx with the X509KeyStorageFlags.EphemeralKeySet flag. However, ComponentPro does not seem to support this when using the Sign function. byte[] bytes = Base64.Decode("secret"); var coll = new X509Certificate2Collection(); coll.Import(bytes, null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.EphemeralKeySet); X509Certificate2 pfx = coll[0]; Assertion _samlAssertion = CreateSAMLAssertion(etc...); _samlAssertion.Sign(pfx); //errors here Thanks! -Dan ---------------------------------------------------------------------- Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor who sold you the license and ask for your money back. Back to ComponentPro Q&A Forum Index