Using NCryptoki with an IIS web api

8/27/2020 9:38:44 PM
Gravatar
Total Posts 2

Using NCryptoki with an IIS web api

Hi,

we developed a webapi application with .NET to run inside IIS (64 bit) to decrypt files (10Mb). The api works well if you make one request at a time but if you make two request with a large fiel to decrypt each one, in a loop of 10 iterations you could get the error message 400.CRYPTO_NOT_INITIALIZED many times.

Another strange behavior with the same error result is if you make a request to decrypt a file (10Mb) and in the middle of the process you send another request to decrypt/encrypt a short string it produces the first big request to cancel with the 400.CRYPTO_NOT_INITIALIZED error.

Thanks in advance for your help!

Damian

 

8/28/2020 12:52:06 PM
Gravatar
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Using NCryptoki with an IIS web api

Hi Damiam,

the issues you are experimenting usually appear when you are using NCryptoki in multi-threading environment without enabling multithreading.

To enable multi-threading you should call Cryptoki.Initialize(true). By passing true you enable multithreading.

Please, try and let me know...

 

9/1/2020 9:20:11 PM
Gravatar
Total Posts 2

Re: Using NCryptoki with an IIS web api

Hi Ugo,

first of all thanks for early respond!

Regard the Multithreading = True durgin the Initialize call, we tried that option with the same bad results.

 

This behavior is detected while we decrypt a large files like we do.

The basics of our api is to decrypt record by record files with 10.000 records. 

1. Our api receives the file via a Post call

2. Verifies some simple parameters the customer send

3. Initialize the NCryptoki with all the required info

4. Loop through the 10000 records to decrypt them one by one and keep the bytes result in memory

5. Converts all the decrypted records (bytes) to an hexacode string

6. Finally respond to the post with the string result

 

If you do this and in the middle of the decryption process and send another POSt to decrypt another string (you know when to do it because it takes many seconds to finish) is highly possible to make the first call to stop with the error we mentioned in the previuos post (400.CRYPTO_NOT_INITIALIZED). It's looks like the IIS doesn't keep the two calls isolated and the second clear the cryptoki objects/resources from memory.

Could it be an IIS wrong configuration?

Thanks again for your support!

Damian