From 826130b32bd5bade52f63ed2f377869a0373a4e9 Mon Sep 17 00:00:00 2001
From: "Sperling, Nicholas Niven"
Date: Mon, 3 Nov 2025 12:36:30 -0500
Subject: [PATCH] Move from Cryptographic Service Provider (CSP) to a Key Storage Provider (KSP) for RSA-based certificates (KB5066835, CVE-2024-30098).
---
 PluginVersion.txt | 2 +-
 Source/SmartCertificateKeyProvider.cs | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/PluginVersion.txt b/PluginVersion.txt
index a6454c1..5df52fd 100644
--- a/PluginVersion.txt
+++ b/PluginVersion.txt
@@ -1,3 +1,3 @@
 :
-SmartCertificateKeyProviderPlugin:2.0.1
+SmartCertificateKeyProviderPlugin:2.0.2
 :
diff --git a/Source/SmartCertificateKeyProvider.cs b/Source/SmartCertificateKeyProvider.cs
index 8e37562..db8b587 100644
--- a/Source/SmartCertificateKeyProvider.cs
+++ b/Source/SmartCertificateKeyProvider.cs
@@ -109,12 +109,12 @@ public override byte[] GetKey(KeyProviderQueryContext keyProviderQueryContext)
 {
 try
 {
- if (certificate.PrivateKey is RSA rsa)
+ using (RSACng rsaCng = certificate.GetRSAPrivateKey() as RSACng)
 {
 CertificateCache.StoreCachedValue(keyProviderQueryContext.DatabasePath, certificate.Thumbprint);
 // Using HashAlgorithmName.SHA1 for backward compatibility
- return rsa.SignData(DataToSign, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); // DO NOT CHANGE THIS!!!!;
+ return rsaCng.SignData(DataToSign, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1); // DO NOT CHANGE THIS!!!!;
 }
 }
 catch (Exception ex)
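Review bot: The `as RSACng` cast on the new `using` line yields null when `GetRSAPrivateKey()` returns no RSA key or an RSA implementation other than `RSACng`, and nothing checks for that before `rsaCng.SignData(...)` is called. The removed `if (certificate.PrivateKey is RSA rsa)` skipped such certificates. The new code first records the thumbprint through `CertificateCache.StoreCachedValue(...)` and only then fails with a `NullReferenceException`, so an unusable certificate may be left in the cache. Binding to the base type and guarding the body avoids both problems: `using (RSA rsa = certificate.GetRSAPrivateKey())` followed by `if (rsa != null)` around the cache store and the `return rsa.SignData(...)` line. The `catch (Exception ex)` handler and the rest of `GetKey` lie outside the hunk, so how a null key should be reported to the caller needs confirming there.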