After either
- latest upgrade to Monterey 12.6 or
- having installed the azure command line tools from brew
I am having issues with my .NET application when it attempts to use the keychain for signing data:
lientCertificateCredential authentication failed: The operation couldn’t be completed. (OSStatus error -25293 - CSSM Exception: -2147416032 CSSMERR_CSP_OPERATION_AUTH_DENIED)
---> Interop+AppleCrypto+AppleCFErrorCryptographicException: The operation couldn’t be completed. (OSStatus error -25293 - CSSM Exception: -2147416032 CSSMERR_CSP_OPERATION_AUTH_DENIED)
at Interop.AppleCrypto.NativeCreateSignature(SafeSecKeyRefHandle privateKey, ReadOnlySpan`1 dataHash, PAL_HashAlgorithm hashAlgorithm, PAL_SignatureAlgorithm signatureAlgorithm)
at Interop.AppleCrypto.CreateSignature(SafeSecKeyRefHandle privateKey, ReadOnlySpan`1 dataHash, PAL_HashAlgorithm hashAlgorithm, PAL_SignatureAlgorithm signatureAlgorithm)
at System.Security.Cryptography.RSAImplementation.RSASecurityTransforms.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
at System.Security.Cryptography.RSA.SignData(Byte[] data, Int32 offset, Int32 count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
I post this here because the core of the exception appears to be an exceptional access pattern that results in the following failure code:
OSStatus error -25293 - CSSM Exception: -2147416032 CSSMERR_CSP_OPERATION_AUTH_DENIED
Unfortunately I haven't found much about this on the internet. I created an issue with the relevant dotnet repo,, but feel that it may make sense to follow this up here.
My current (very tedious)workaround is to restart the machine - a re-login doesn't help, but a reboot makes this work as it previously did after which, somehow, the exception resurfaces again after some time (as if something expires?)
Saddened to report that after the dotnet update the problem had lost its teeth, now it has come back. I need to reboot again.