How to store a public key in a machine-level RSA key container
Asked Answered
A

2

9

I'm having a problem using a machine level RSA key container when storing only the public key of a public/private key pair.

The following code creates a public/private pair and extracts the public key from that pair. The pair and the public key are stored in separate key containers. The keys are then obtained from those key containers at which point they should be the same as the keys going into the containers.

The code works when CspProviderFlags.UseDefaultKeyContainer is specified for CspParameters.Flags (i.e. the key read back out from the PublicKey container is the same), but when CspProviderFlags.UseMachineKeyStore is specified for CspParameters.Flags the key read back from PublicKey is different.

Why is the behaviour different, and what do I need to do differently to retrieve the public key from a machine-level RSA key container?

var publicPrivateRsa = new RSACryptoServiceProvider(new CspParameters()
{
    KeyContainerName = "PublicPrivateKey",
    Flags = CspProviderFlags.UseMachineKeyStore
    //Flags = CspProviderFlags.UseDefaultKeyContainer
}
    )
{
    PersistKeyInCsp = true,

};

var publicRsa = new RSACryptoServiceProvider(new CspParameters()
{
    KeyContainerName = "PublicKey",
    Flags = CspProviderFlags.UseMachineKeyStore
    //Flags = CspProviderFlags.UseDefaultKeyContainer
}
    )
{
    PersistKeyInCsp = true
};


//Export the key.
publicRsa.ImportParameters(publicPrivateRsa.ExportParameters(false));


Console.WriteLine(publicRsa.ToXmlString(false));
Console.WriteLine(publicPrivateRsa.ToXmlString(false));

//Dispose those two CSPs.
using (publicRsa)
{
    publicRsa.Clear();
}
using (publicPrivateRsa)
{
    publicRsa.Clear();
}

publicPrivateRsa = new RSACryptoServiceProvider(new CspParameters()
{
    KeyContainerName = "PublicPrivateKey",
    Flags = CspProviderFlags.UseMachineKeyStore
    //Flags = CspProviderFlags.UseDefaultKeyContainer
}
    );


publicRsa = new RSACryptoServiceProvider(new CspParameters()
{
    KeyContainerName = "PublicKey",
    Flags = CspProviderFlags.UseMachineKeyStore
    //Flags = CspProviderFlags.UseDefaultKeyContainer
}
    );

Console.WriteLine(publicRsa.ToXmlString(false));
Console.WriteLine(publicPrivateRsa.ToXmlString(false));


using (publicRsa)
{
    publicRsa.Clear();
}
using (publicPrivateRsa)
{
    publicRsa.Clear();
}
Ararat answered 16/2, 2010 at 16:50 Comment(1)
A discussion on this question can be found over at MSDN (social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/…)Ararat
A
5

It seems that key containers are not intended for this purpose (this is implied by "How to: Store Asymmetric Keys in a Key Container" from the .NET Framework Developer's Guide, and confirmed by a disccusion on MSDN).

Other mechanisms, such as storing the key in an XML file, need to be used to achieve this goal.

Ararat answered 18/2, 2010 at 9:38 Comment(0)
M
-1

This link may help you. http://msdn.microsoft.com/en-IN/library/tswxhw92(v=vs.80).aspx

var cp = new CspParameters();
cp.KeyContainerName = ContainerName;

// Create a new instance of RSACryptoServiceProvider that accesses
// the key container.
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cp);

// Delete the key entry in the container.
rsa.PersistKeyInCsp = false;

// Call Clear to release resources and delete the key from the container.
rsa.Clear();

This is what it says about key deletion.

Mobility answered 2/5, 2013 at 15:48 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.