How to fix Cryptographic Service Provider errors in Windows 10

Sometimes, when we attempt to place a digital signature into a PDF file using software designed specifically for the purpose, an error message appears bearing any one of the following descriptions:

The Windows Cryptographic Service Provider reported an error. Invalid provider type specified, invalid signature, security broken, code 2148073504 or keyset does not exist

The issue, in most cases, arises due to outdated certificates or corrupted settings in the registry. So, the first thing you may want to do is reset or recreate the user’s profile in the domain to check the result.


Cryptographic Service Provider

According to Microsoft, a cryptographic service provider (CSP) contains implementations of cryptographic standards and algorithms. At a minimum, a CSP consists of a dynamic-link library (DLL) that implements the functions in CryptoSPI (a system program interface). Providers implement cryptographic algorithms, generate keys, provide key storage, and authenticate users.

If you face Cryptographic Service Provider errors, here are a few things you may want to try:

  1. Restart Cryptographic Service
  2. Check the Certificate
  3. Reinstall the Certificate
  4. Check the SafeNet Authentication Client Tool
  5. Recreate Microsoft Cryptography’s Local Store folder
  6. Uninstall ePass2003

1] Restart Cryptographic Service

Run services.msc and restart the Windows Cryptographic Service.

2] Check the Certificate

Open Internet Explorer > Tools > Internet Options. Select the Content Tab and click on Certificates. Check if there is a certificate for the program or the provider which is giving out errors. If it is missing, you will have to create a new one. If it is expired, remove it and create a new one. If a particular certificate does not work, choose a different certificate, and remove the old certificates.
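
A read-only way to run the same check from a PowerShell prompt, as an added example that is not part of the original article: it lists the certificates in the current user's Personal store and marks those that are expired, lack a private key, or whose key cannot be opened. It assumes Windows PowerShell 5.1 and that the signing certificate is in Cert:\CurrentUser\My; the Status labels are invented for this example.

```powershell
# Added example: read-only inventory of the current user's Personal store.
# Assumes Windows PowerShell 5.1; nothing is modified or deleted.

# The service listed in services.msc as "Cryptographic Services" is named CryptSvc.
Get-Service -Name CryptSvc | Select-Object Name, Status, StartType

$now = Get-Date
$report = foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
    $provider = $null
    $keyError = $null
    if ($cert.HasPrivateKey) {
        try {
            # For CSP-backed keys this returns an RSACryptoServiceProvider whose
            # CspKeyContainerInfo names the provider that holds the key.
            $key = $cert.PrivateKey
            if ($key -and $key.CspKeyContainerInfo) {
                $provider = $key.CspKeyContainerInfo.ProviderName
            }
        } catch {
            # Keep whatever message the provider reported when the key was opened.
            $keyError = $_.Exception.GetBaseException().Message
        }
    }

    # Status labels below are constructed for this example.
    $status = if ($cert.NotAfter -lt $now) { 'Expired' }
        elseif ($cert.NotBefore -gt $now) { 'NotYetValid' }
        elseif (-not $cert.HasPrivateKey) { 'NoPrivateKey' }
        elseif ($keyError) { 'KeyUnusable' }
        else { 'OK' }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Status     = $status
        Provider   = $provider
        KeyError   = $keyError
    }
}

$report | Sort-Object Status, NotAfter | Format-Table -AutoSize -Wrap
```

A certificate marked Expired or NoPrivateKey cannot be used for signing, and the Provider column shows which CSP each remaining key is bound to.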

3] Reinstall the Certificate

Reinstall the entire certificate store and the user’s certificates.

4] Check the SafeNet Authentication Client Tool

If you have the SafeNet Authentication Client Tool application installed on your system, open the app by navigating to its installation directory or by right-clicking the SafeNet icon in the system tray and selecting Tools from the menu.

Click the gear-shaped icon to open the Advanced View section. Under Advanced View, expand Tokens and navigate to the certificate you want to use for signing. You can find it under the User certificates group.

Next, right-click your certificate and choose Set as CSP from the drop-down menu. Repeat this step for every certificate that you use.

Close SafeNet Authentication Client Tools and try signing the documents again.

5] Recreate Microsoft Cryptography’s Local Store folder

Navigate to the C:\ProgramData\Microsoft\Crypto\RSA folder. Rename the folder labeled S-1-5-18. Restart your system and see if it helps.

6] Uninstall ePass2003

If you have the ePass2003 software installed, the ePass2003 e-token could be the cause of the problem. It is advisable to uninstall it first and then reinstall it. To do this, go to the Settings section of the tool, navigate to Apps and features, and uninstall it just like any other application.

Restart your computer and install ePass2003 again. During reinstallation, make sure that you select Microsoft CSP when choosing the CSP option. Things should return to normal, and the Windows cryptographic service provider error should no longer appear.

All the best!

Anand Khanse is the Admin of, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.