var contentInfo = new ContentInfo(bytes);
var signedCms = new SignedCms(contentInfo, true);
var cmsSigner = new CmsSigner(_certificateProvider.Certificate);
signedCms.ComputeSignature(cmsSigner); //exception there
var encodedSignature = signedCms.Encode();
at Internal.Cryptography.Pal.Windows.HelpersWindows.GetStringProvParam(SafeProvOrNCryptKeyHandle handle, CryptProvParam dwParam, Span`1& buf, Byte[]& rented, Int32 clearLen) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/HelpersWindows.cs:line 461
at Internal.Cryptography.Pal.Windows.HelpersWindows.GetProvParameters(SafeProvOrNCryptKeyHandle handle) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/HelpersWindows.cs:line 418
at Internal.Cryptography.Pal.Windows.PkcsPalWindows.GetPrivateKey[T](X509Certificate2 certificate, Boolean silent, Boolean preferNCrypt) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/PkcsPalWindows.cs:line 249
at Internal.Cryptography.Pal.Windows.PkcsPalWindows.GetPrivateKeyForSigning[T](X509Certificate2 certificate, Boolean silent) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/Windows/PkcsPalWindows.cs:line 181
at System.Security.Cryptography.Pkcs.CmsSignature.Gost2012_256CmsSignature.Sign(ReadOnlySpan`1 dataHash, HashAlgorithmName hashAlgorithmName, X509Certificate2 certificate, AsymmetricAlgorithm key, Boolean silent, Oid& signatureAlgorithm, Byte[]& signatureValue) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.Gost2012_256.cs:line 71
at System.Security.Cryptography.Pkcs.CmsSignature.Sign(ReadOnlySpan`1 dataHash, HashAlgorithmName hashAlgorithmName, X509Certificate2 certificate, AsymmetricAlgorithm key, Boolean silent, Oid& oid, ReadOnlyMemory`1& signatureValue) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSignature.cs:line 104
at System.Security.Cryptography.Pkcs.CmsSigner.Sign(ReadOnlyMemory`1 data, String contentTypeOid, Boolean silent, X509Certificate2Collection& chainCerts) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/CmsSigner.cs:line 251
at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs:line 323
at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer) in /home/appveyor/projects/corefx/src/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/SignedCms.cs:line 274
at CCH.EsiaSigner.Controllers.GostController.Sign(String message) in /source/esia/Controllers/GostController.cs:line 33
p.s. If y try to use CmsSigner(SubjectIdentifierType signerIdentifierType, X509Certificate2 certificate, AsymmetricAlgorithm privateKey) constructor and set privateKey directly then all will be ok.