If your program is running under IIS (perhaps in a web service), you need rights to the private key to perform a signature, and the IIS processes typically runs in the default IIS Application Pool under the NETWORK_SERVICE ID, which has no rights.
Grant the ID Full Control rights to the private key which is stored in C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machine Keys. (Perhaps lesser rights would work; you may experiment).
Detailed Instructions for Installing a PFX for Use by ASP / ASP.NET
Alternatively, you may send signed email using a PFX directly, which bypasses the problem:
ASP: Send Signed Email using PFX File
C#: Send Signed Email using PFX File
C++: Send Signed Email using PFX File
Delphi: Send Signed Email using PFX File
Visual FoxPro: Send Signed Email using PFX File
Java: Send Signed Email using PFX File
Perl: Send Signed Email using PFX File
Python: Send Signed Email using PFX File
Ruby: Send Signed Email using PFX File
VB.NET: Send Signed Email using PFX File
Visual Basic: Send Signed Email using PFX File
VBScript: Send Signed Email using PFX File
