Certificates from the Local Machine\Computer or User Store can be used to decrypt or sign messages. Administrators have full control over the certificate private keys. When debugging locally through Visual Studio in the process of generating a json-web-token, decrypting, or signing a payload you may get the following when attempting to load the certificate:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1619206229899/e3d1mZab8.png" alt="image.png" />
<pre><code class="lang-sh">Keyset does not exist
</code></pre>
Alternatively, you can give your account access to the private keys by right clicking on your certificate -&gt; All Tasks -&gt; Manage Private Keys...
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1620164559646/XpdU9S4pM.png" alt="image.png" />
Add your own account and give it Read permissions.
Can be <a target="_blank" href="https://gist.github.com/Wind010/c2a99e99dbd9e8384dd28e39dc9ffb24">automated</a> through Powershell.
Also interesting to note that the certificate thumbprint copied from the MMC/UI can contain an extra space or hidden character:
<a href="https://support.microsoft.com/en-us/topic/certificate-thumbprint-displayed-in-mmc-certificate-snap-in-has-extra-invisible-unicode-character-c9e58dcb-f39a-d0a1-f7fc-bcaaa6fe64e4" class="autolinkedURL autolinkedURL-url" target="_blank">support.microsoft.com/en-us/topic/certifica..</a> (so many typos...).
<a href="https://stackoverflow.com/questions/25949361/why-does-an-equality-check-fail-when-copy-pasting-certificate-thumbprint-strings" class="autolinkedURL autolinkedURL-url" target="_blank">stackoverflow.com/questions/25949361/why-do..</a>

Certificates from the Local Machine\Computer or User Store can be used to decrypt or sign messages.  **Administrators ** have full control over the certificate private keys.  When debugging locally through Visual Studio in the process of generating a json-web-token, decrypting, or signing a payload you may get the following when attempting to load the certificate:

![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1619206229899/e3d1mZab8.png)

```sh
Keyset does not exist
```

Alternatively, you can give your account access to the private keys by right clicking on your certificate -> All Tasks -> Manage Private Keys...



![image.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1620164559646/XpdU9S4pM.png)


Add your own account and give it **Read ** permissions.

Can be [automated](https://gist.github.com/Wind010/c2a99e99dbd9e8384dd28e39dc9ffb24) through Powershell.

Also interesting to note that the **certificate thumbprint** copied from the MMC/UI can contain an extra space or hidden character:

https://support.microsoft.com/en-us/topic/certificate-thumbprint-displayed-in-mmc-certificate-snap-in-has-extra-invisible-unicode-character-c9e58dcb-f39a-d0a1-f7fc-bcaaa6fe64e4 (so many typos...).

https://stackoverflow.com/questions/25949361/why-does-an-equality-check-fail-when-copy-pasting-certificate-thumbprint-strings

Keyset does not exist

Visual Studio and Certificates

I am a developer in Seattle with interests in Security (cyber and IRL), machine learning, and distributed systems.  The best practice is doing.  Teaching is learning.
