"Keyset does not exist" when using SignData function with RSA

Question

"Keyset does not exist". I know that there are tons of question about this error, but mine is totally different.

I'm not gona use the key from windows certificate store, but load the public key & private key from 2 bare strings, using method "fromXMLString".

rsa.fromXMLString "<RSAKeyValue><Modulus>......"

then

rsa.SignData buffer, algSHA1

and Booom! : "Keyset does not exist"

Can someone please tell me that using the rsa key pair from 2 xmlStrings is innocent and it entirely does not relate to windows certificate store? I have my own approach of storing & loading certificate/keys.

PS: The other answers for questions on this error told questioner to set correct permission for private key in cert-store. But in my case, I used no private key file in that store, right ?

Answer 1

I know this question is 7 years old, but I had the exact same issue and found the problem (at least for me).

If you encrypt your data with rsa.Encrypt(), you need either your public or private key. Both work. When you use decrypt (rsa.Decrypt()) you have to use the private key. The public key is not capable of doing that.

Now for the important part. Signing flips this. You have to sign your data with rsa.SignData() using your private key! This is important, because with this only the private key is capable of creating new signed data. For the validation with rsa.VerifyData() you can use, again, either of the keys.

This allows your clients, for example, to validate a license, without storing the private key.