"Key not valid for use in specified state" 正在尝试签署 Xml

"Key not valid for use in specified state" while trying to Sign a Xml

我的历史:

在上传到政府机构之前,我需要签署我所有的 Xml's。 为了签名,我使用从 X509Store:

加载的客户端证书
var repo = new X509Store("My", StoreLocation.CurrentUser);

repo.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

foreach (X509Certificate2 certCurrent in repo.Certificates)
{
    if (!certCurrent.Subject.Equals(subject)) continue;

    if (certCurrent.NotAfter > DateTime.Now)
    {
        repo.Close();
        return certCurrent;
    }
}

repo.Close();
return null;

SignedXml (XmlDocument xmlDoc, string id, X509Certificate2 certificate):

var refer = new Reference();
refer.Uri = "#" + id;
refer.AddTransform(new XmlDsigEnvelopedSignatureTransform());
refer.AddTransform(new XmlDsigC14NTransform());

var signedXml = new SignedXml(xmlDoc);
signedXml.SigningKey = certificate.PrivateKey;
signedXml.AddReference(refer);

signedXml.ComputeSignature();

var key = new KeyInfo();
key.AddClause(new KeyInfoX509Data(certificate));
signedXml.KeyInfo = key;

//Final signature xml block.
XmlElement signedBlock = signedXml.GetXml();

问题:

我的一个客户更改了他的 PC 密码,第二个代码块无中生有地抛出了这个错误:

Message - 
    Key not valid for use in specified state.
Type - 
    CryptographicException
Source - 
    mscorlib
TargetSite - 
    System.Security.Cryptography.SafeProvHandle CreateProvHandle(System.Security.Cryptography.CspParameters, Boolean)
StackTrace - 
    at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
    at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
    at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
    at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
    at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
    at Util.SignXml.Sign(XmlDocument xmlDoc, String id, X509Certificate2 certificate, String& error)

它说 PrivateKeygetter 正在抛出该异常。 稍后,我将尝试再次安装该证书,并选中 Exportable

PS: Windows Server 2003

由于我的客户更改了密码,certificate 需要重新安装。

就是这样。