public override byte[] SignHash(byte[] hash) { if (hash == null) { throw new ArgumentNullException("hash"); } // Make sure we're allowed to sign using this key KeyContainerPermission permission = Key.BuildKeyContainerPermission(KeyContainerPermissionFlags.Sign); if (permission != null) { permission.Demand(); } // Now that know we have permission to use this key for signing, pull the key value out, which // will require unmanaged code permission new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert(); // This looks odd, but the key handle is actually a duplicate so we need to dispose it using (SafeNCryptKeyHandle keyHandle = Key.Handle) { CodeAccessPermission.RevertAssert(); return(NCryptNative.SignHash(keyHandle, hash)); } }