How to fix Cryptographic Service Provider errors in Windows 10/8/7

Sometimes, when we attempt to place a digital signature into a PDF file using a software designed specifically for the purpose, an error message bearing any one of the following description:

The Windows Cryptographic Service Provider reported an error. Invalid provider type specified, invalid signature, security broken, code 2148073504 or keyset does not exist

The issue in most cases arises due to outdated certificates or corrupted settings in the registry. So, the first thing you may want to do is reset or recreate the user’s profile in domain to check the result.

Cryptographic Service Provider reported an error

Cryptographic Service Provider

According to Microsoft, a cryptographic service provider (CSP) contains implementations of cryptographic standards and algorithms. At a minimum, a CSP consists of a dynamic-link library (DLL) that implements the functions in CryptoSPI (a system program interface). Providers implement cryptographic algorithms, generate keys, provide key storage, and authenticate users.

If you face errors, here are a few things you may want to try:

1] Run services.msc and restart the Windows Cryptographic Service.

2] Open Internet Explorer > Tools > Internet Options. Select the Content Tab and click on Certificates. Check if there is a certificate for the program or the provider which is giving out errors. If it is missing you will have to create a new one. If it is expired, remove it and create a new one. If a particular certificate does not work, choose a different certificate and remove the old certificates.



5] Reinstall the entire certificate store and the user’s certificates.

6] If you have the SafeNet Authentication Client Tool application installed on your system, open the app by navigating to its installation directory or by right clicking the SafeNet icon in system tray and selecting Tools from the menu.

Click the ‘gear’ shaped icon to access the Advanced View section. Under Advanced View section, expand Tokens and navigate to the certificate you want to use for signing. You can locate them under User certificates group.

Next, right click on your certificate and choose Set as CSP from drop down menu. Repeat the same step for all certificates that you’re using.

Close SafeNet Authentication Client Tools and try signing the documents again.

7] Recreate Microsoft Cryptography’s Local Store folder. Navigate to the C:\ProgramData\Microsoft\Crypto\RSA folder. Rename the folder labeled S-1-5-18. Restart your system and see if it helps.

8] If you have ePass2003 software installed, the cause for the problem could be the ePass2003 e-token. It is advisable to have it uninstalled in the first place and reinstall it. For this, go to Settings section of the tool, navigate to Apps and features and uninstall it just like any other application.

Restart your computer and install ePass2003 again. At the time of re-installation make sure that you select MicroSoft CSP when choosing CSP option. Things should revert back to normalcy and Windows cryptographic service provider error should no more appear.

All the best!

Related read: Windows Services will not start.

Posted by on , in Category Windows with Tags
Anand Khanse is the Admin of and a 10-year Microsoft MVP Awardee in Windows for the period 2006-16. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.