Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO

Getting CryptographicException after upgrading from version 7.4 to 9.1

0 votes
36 views
asked Mar 2 in .NET FTP by apoquindo (210 points)

I am using the following C# code for logging in to an FTPS site with a client certificate:

SSLFTPClient FTPS = new SSLFTPClient
{
    LicenseOwner = "myCompany",
    LicenseKey = "myLicenseKey",
    RemoteHost = "myHostAddress",
    IsImplicitFTPS = false,
    ServerValidation = SecureFTPServerValidationType.None               
};

var client = SSLFTPCertificate.CreateFromPFX(@"C:\path\to\my\file.pfx", "myCertPassword");
FTPS.ClientCertificate = client;
FTPS.Connect();
FTPS.Auth(SSLFTPSSLVersion.TLS1, true);
FTPS.Login("myUsername", "myPassword");

When I execute this code using version 7.4 of the edtFTPnetPRO.DLL library, it works fine.  When I use version 9.1 of the DLL, I get an exception like the following:

System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.
   at QTExBAC6b7VWK91UaJ2.MPn5i5Cig5pXv5HLit6.CIlpZjYmSbg(J6xBlYbZsHE9PxsPlfd )
   at uEmGDiCnXpsa2p8OshP.p0CuuyCMVEc8SUTVySr.gX6EELWPbE(BaseSocket )
   at uEmGDiCnXpsa2p8OshP.p0CuuyCMVEc8SUTVySr.wBJEgJIlmS()
   at EnterpriseDT.Net.Ftp.Ssl.SSLFTPClient.Auth(SSLFTPSSLVersion minSsl, SSLFTPSSLVersion maxSsl, Boolean secureDataChannels)
   at EnterpriseDT.Net.Ftp.Ssl.SSLFTPClient.Auth(SSLFTPSSLVersion sslVersion, Boolean secureDataChannels)

As the error indicates, the exception is being thrown when the Auth() method is being called.  I have attempted this process with two different client certificates from two different sources (one was self-signed, the other was provided by a financial institution) pointing to two different FTPS sites, but I get the same error both times. 

Can anyone tell me why the old version works, but the new version doesn't?

commented Mar 2 by support2 (143,330 points)
We've got a patched DLL that might solve this issue. Please email support at our domain to ask for it.

1 Answer

0 votes
answered Mar 6 by apoquindo (210 points)

I discovered that version 9.1 of the DLL has an overload of the CreateFromPFX() method to specify that the certificate is exportable.  Setting this to true fixed my issue.

The line should be changed to look like this:

var client = SSLFTPCertificate.CreateFromPFX(@"C:\path\to\my\file.pfx", "myCertPassword", true);

Hopefully this will help someone else in the future.

...