GFlisch / Arc4u

Apache License 2.0

(Bug, Arc4u 6.0.12.1): AddCertificateDecryptorConfiguration does not work on internal development PC #40

Open vvdb-architecture opened 1 year ago

vvdb-architecture commented 1 year ago

Describe the bug: When using the default SHA2 Dev encryptor certificate, decryption throws an error.

To Reproduce: In appsettings.development.json, add:

  "Blabla": "Encrypt:7xRoAvBynz4gYOPpfyy21MDL2davXvOya1mOadRHxHUhJmrzWrv5PCGW8yxEp5eXyW5aMthOGmaFrr4cfJHE//ckf4o3B8XwxUY/+E3HReGQhlhZ9dnpWojK3tCoggqUtTYngSflqhMnGQCrnwNWb3v84fDbaYHK9s4vNxuKTKWy3fymyFhAySPucXvnfoUghfpqBljPYJEv5hhL4YRDxMdPj2JL9NyLfVkX/BKBAoWGKP0Ikw2hH8re7wVkfvcl9bB/oDeQ+dZ2NTs1+d8aolfrZIrRMI/uDLgYWqrj+fltVJuBUsUAPIvNItneRyZ4LNYqK/OFH5dmOfA0Y4yXlg==",

This is "hello" encrypted with the default certificate. It will trigger the decryption, but instead you will see:

>[16:30:52 INF] Starting up
2>[16:30:52 FTL] Unhandled exception
2>Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: Keyset does not exist
2>   at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
2>   at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
2>   at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
2>   at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
2>   at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
2>   at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate)
2>   at Arc4u.Security.Cryptography.Certificate.Decrypt(X509Certificate2 x509, String base64CypherString) in /_/src/Arc4u.Standard/Security/Cryptography/x509Certificate2.cs:line 131
2>   at Arc4u.Configuration.Decryptor.SecretConfigurationCertificateProvider.Load() in D:\a\Arc4u\Arc4u\src\Arc4u.Standard.Configuration.Decryptor\SecretConfigurationCertificateProvider.cs:line 65
2>   at Microsoft.Extensions.Configuration.ConfigurationManager.AddSource(IConfigurationSource source)
2>   at Microsoft.Extensions.Configuration.ConfigurationManager.Microsoft.Extensions.Configuration.IConfigurationBuilder.Add(IConfigurationSource source)
2>   at Arc4u.Configuration.Decryptor.SecretDecryptorConfiguratorExtensions.AddCertificateDecryptorConfiguration(IConfigurationBuilder configurationBuilder) in D:\a\Arc4u\Arc4u\src\Arc4u.Standard.Configuration.Decryptor\SecretDecryptorConfiguratorExtensions.cs:line 16
2>   at Program.<>c.<<Main>$>b__0_1(HostBuilderContext hostingContext, IConfigurationBuilder config) in C:\PRJ\HappyFlow\TestFlow\BE\Yarp\TestFlow.Yarp.Host\Program.cs:line 52
2>   at Microsoft.AspNetCore.Builder.ConfigureHostBuilder.ConfigureAppConfiguration(Action`2 configureDelegate)
2>   at Program.<Main>$(String[] args) in C:\PRJ\HappyFlow\TestFlow\BE\Yarp\TestFlow.Yarp.Host\Program.cs:line 38

Expected behavior: Correct decryption.

The probable cause is that the current user by default doesn't have access to the private key. And because we are not administrators of our own machine, we can't add it.

rdarko commented 1 year ago

This has been submitted to the infrastructure team - we can currently wait.

vvdb-architecture commented 1 year ago

Update: a test where permissions were added manually by the server team was successful. The problem is to build a software package for this operation, since the certificate has a different ID on every machine.
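The failure in the trace above ("Keyset does not exist" thrown from GetRSAPrivateKey while the configuration provider loads) is the case where the certificate is in the store but the calling user cannot read its private key. The following is an added pre-flight check in C# (example code, not part of Arc4u) that separates that case from "certificate not found" and "no private key at all", so the problem can be reported before configuration loading aborts; the store name, store location and thumbprint are assumptions and would come from the application's own decryptor settings.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Diagnoses why decrypting with a store certificate may fail for the current user.
public static class CertificateKeyAccessCheck
{
    public enum Result { NotFound, NoPrivateKey, PrivateKeyInaccessible, Ok }

    // thumbprint, storeName and storeLocation are example parameters (assumptions);
    // they stand in for whatever the decryptor configuration actually references.
    public static Result Check(string thumbprint, StoreName storeName,
                               StoreLocation storeLocation, out string detail)
    {
        using var store = new X509Store(storeName, storeLocation);
        store.Open(OpenFlags.ReadOnly);

        var matches = store.Certificates.Find(
            X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (matches.Count == 0)
        {
            detail = $"No certificate with thumbprint {thumbprint} in {storeLocation}\\{storeName}.";
            return Result.NotFound;
        }

        using var cert = matches[0];
        if (!cert.HasPrivateKey)
        {
            detail = "Certificate has no associated private key (public part only).";
            return Result.NoPrivateKey;
        }

        try
        {
            // Opening the RSA private key is the call that fails in the reported trace;
            // finding the certificate in the store does not touch the key container.
            using RSA? rsa = cert.GetRSAPrivateKey();
            if (rsa is null) { detail = "Private key is not an RSA key."; return Result.NoPrivateKey; }
            detail = $"Private key is readable by {Environment.UserName}.";
            return Result.Ok;
        }
        catch (CryptographicException ex)
        {
            // "Keyset does not exist": the key container exists but the current user's ACL
            // does not grant read access. An administrator must grant that permission
            // on the key (e.g. via the certificate store's "Manage Private Keys").
            detail = $"Private key exists but cannot be opened by {Environment.UserName}: {ex.Message}";
            return Result.PrivateKeyInaccessible;
        }
    }
}
```

Running the check at startup on a development PC turns the unhandled exception into a clear "private key not readable by this user" message, which is the information the infrastructure team needs to grant access.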