
CryptAcquireCertificatePrivateKey Error:0x80090016 with custom Key Storage Provider


I'm developing a custom CNG Key Storage Provider. It works fine with some applications like Chrome, but a third-party application uses the CryptAcquireCertificatePrivateKey method with the certificate context, causing a 0x80090016 without invoking any method of my KSP.

Is it possible to use the CryptAcquireCertificatePrivateKey method with a certificate whose private key is stored in a Key Storage Provider?


Solution

  • I found an answer in the NCryptTranslateHandle function documentation:

    This is a helper function intended to help applications and system components that currently use the CryptoAPI to make a graceful transition to using CNG.

    This function will only be successful if a CNG key storage provider is registered with a name or alias that is identical to the name of the cryptographic service provider (CSP) referred to by the hLegacyProv parameter.

    This function will perform the following steps to translate the CSP handle into a CNG key handle:

    1. Obtain the name of the CSP from the hLegacyProv handle.
    2. Open the CNG provider whose name or alias is identical to the CSP name.
    3. Obtain the name of the current key container in the CSP.
    4. Obtain the CryptoAPI key, translate it into a CNG key, and return it in the phKey parameter.

    Registering the KSP with the same name or alias as the CSP does the trick.
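The following PowerShell probe is an added example, not code from the question or the answer above. It P/Invokes crypt32 directly and calls CryptAcquireCertificatePrivateKey on one certificate with each of the CRYPT_ACQUIRE_*NCRYPT* flag variants from wincrypt.h, so you can see whether a caller's flags resolve the key through the legacy CSP path or directly through the KSP; the thumbprint is a placeholder you must replace, and 0x80090016 is decoded as NTE_BAD_KEYSET, the code from the question.

```powershell
# Added diagnostic (not part of the original post). Shows which path (legacy CSP or KSP)
# CryptAcquireCertificatePrivateKey takes for a certificate under each NCRYPT flag variant.
# Assumption: $Thumbprint is a placeholder for a cert in CurrentUser\My whose key lives in the KSP.
$Thumbprint = 'REPLACE-WITH-CERT-THUMBPRINT'
$cert = Get-Item "Cert:\CurrentUser\My\$Thumbprint"

Add-Type -Namespace Probe -Name Native -MemberDefinition @'
[DllImport("crypt32.dll", SetLastError = true)]
public static extern bool CryptAcquireCertificatePrivateKey(IntPtr pCert, uint dwFlags,
    IntPtr pvReserved, out IntPtr phKey, out uint pdwKeySpec, out bool pfCallerFree);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool CryptReleaseContext(IntPtr hProv, uint dwFlags);
[DllImport("ncrypt.dll")]
public static extern int NCryptFreeObject(IntPtr hObject);
'@

# Flag values from wincrypt.h
$SILENT = 0x40                                      # CRYPT_ACQUIRE_SILENT_FLAG: no PIN/consent UI
$Probes = [ordered]@{
    'no NCRYPT flag (CAPI/CSP only)'       = 0x00000
    'ALLOW_NCRYPT   (CSP first, then KSP)' = 0x10000   # CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG
    'PREFER_NCRYPT  (KSP first, then CSP)' = 0x20000   # CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG
    'ONLY_NCRYPT    (KSP only)'            = 0x40000   # CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG
}

foreach ($name in $Probes.Keys) {
    $hKey = [IntPtr]::Zero; $spec = [uint32]0; $free = $false
    $ok = [Probe.Native]::CryptAcquireCertificatePrivateKey(
        $cert.Handle, ($Probes[$name] -bor $SILENT), [IntPtr]::Zero,
        [ref]$hKey, [ref]$spec, [ref]$free)
    if (-not $ok) {
        # GetLastError here carries an HRESULT-style NTE_* code, e.g. 80090016 = NTE_BAD_KEYSET
        $hex = '{0:X8}' -f [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        $note = if ($hex -eq '80090016') { ' (NTE_BAD_KEYSET)' } else { '' }
        '{0,-40} FAILED 0x{1}{2}' -f $name, $hex, $note
        continue
    }
    # CERT_NCRYPT_KEY_SPEC (0xFFFFFFFF) means phKey is an NCRYPT_KEY_HANDLE from a KSP;
    # AT_KEYEXCHANGE (1) / AT_SIGNATURE (2) mean it is an HCRYPTPROV from a legacy CSP.
    $path = if ($spec -eq [uint32]::MaxValue) { 'KSP (NCRYPT_KEY_HANDLE)' }
            else { "CSP (HCRYPTPROV, key spec $spec)" }
    '{0,-40} OK via {1}' -f $name, $path
    if ($free) {   # release with the API that matches the handle type
        if ($spec -eq [uint32]::MaxValue) { [void][Probe.Native]::NCryptFreeObject($hKey) }
        else { [void][Probe.Native]::CryptReleaseContext($hKey, 0) }
    }
}
```

If the flag-free probe fails while ONLY_NCRYPT succeeds, the caller is resolving the key over CryptoAPI, which is the path that depends on a CSP name (or a KSP alias matching it) rather than on the KSP directly.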