Mimekit - A suitable private key could not be found for decrypting

Question

I'm trying to decrypt and encrypt mime messages with the Mimekit Library, but when I try to import the certificate to the TemporarySecureMimeContext and then decrypt a message I encounter the following error:

A suitable private key could not be found for decrypting.
at MimeKit.Cryptography.BouncyCastleSecureMimeContext.<DecryptAsync>d__50.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
at MimeKit.Cryptography.ApplicationPkcs7Mime.<DecryptAsync>d__11.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Utils.MimeMailUtils.MimeMailUtils.<Decrypt>d__3.MoveNext() in C:\Dev\Euroval\PasarelaAceuro\Utils\MimeUtils\MimeMailUtils.cs:line 105
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at PasarelaLibrary.Implementations.Caixa.GraphImplementation.LaCaixaGraphApiPasarela.<GetMessage>d__15.MoveNext() in C:\Dev\Euroval\PasarelaAceuro\PasarelaLibrary\Implementations\Caixa\GraphImplementation\LaCaixaGraphApiPasarela.cs:line 362
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at PasarelaLibrary.Implementations.Caixa.GraphImplementation.LaCaixaGraphApiPasarela.<Descarga>d__9.MoveNext() in C:\Dev\Euroval\PasarelaAceuro\PasarelaLibrary\Implementations\Caixa\GraphImplementation\LaCaixaGraphApiPasarela.cs:line 167

and this is the code I'm using:

public static async Task<MimeEntity> Decrypt(MimeMessage message, X509Certificate2 certificate)
{
    var encryptedContent = (ApplicationPkcs7Mime)message.Body;
    using var context = new TemporarySecureMimeContext();
    context.Import(certificate.AsBouncyCastleCertificate());
    return await encryptedContent.DecryptAsync(context);
}

Here is how I initialize the certificate:

public void SetSecrets()
{
    using KeyVaultClient client = VaultClientExtensions.GetKeyVaultClient(AzureVaultManagerSettings.ClientId, AzureVaultManagerSettings.ClientSecret);
    var secret = AsyncUtil.RunSync(() => client.GetSecret<string>(AzureVaultManagerSettings.SecretUrl));
    GraphApiSettings.PrivateCertificate = new X509Certificate2(
        Convert.FromBase64String(secret),
        string.Empty,
        X509KeyStorageFlags.EphemeralKeySet | X509KeyStorageFlags.Exportable);
}

The problem with that is I already encrypted and decrypted messages using the WindowsSecureMimeContext, but the problem with that is my app service in which is deployed the application can't import the certificate due to lack of permissions and we cannot give it admin permissions.

--EDIT--

My Certificate already has a private key

Answer 1

You need to import the private key