Thabo

Reputation: 1554

Location of container for public and private keys in Windows?

I am trying to store my public and private keys in a container using the following code:

CspParameters cp = new CspParameters();
cp.KeyContainerName = "Test";
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cp);

What I'd like to know is the location of the container. Is the location of the container in the file system?

Upvotes: 14

Views: 23684

Answers (2)

DavidRR

Reputation: 19407

I used Process Monitor and Sn.exe (Strong Name Tool) to learn the location of the folder on my Windows 7 machine that contains my key files and thereby confirm the information in Joe's answer.

First, I ran Process Monitor and specified the following filter:

Column    Relation    Value    Action
---------------------------------------
Path      contains    crypto   Include

I then ran Strong Name Tool (sn.exe) to extract the public key from the key pair in my container VS_KEY_773685D47C32F8C7 and export it to public_key.snk:

sn.exe -pc VS_KEY_773685D47C32F8C7 public_key.snk

After doing so I noted that Process Monitor indicated that sn.exe made several access requests to the folder:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

...and the file that contains my public and private keys for my container named VS_KEY_773685D47C32F8C7:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\74c2c10a37baa69f7969c7144db5805d_c55067c2-4a01-4792-9d70-d7a6e4799447

sn.exe can be conveniently run via the Developer Command Prompt for Visual Studio.

Upvotes: 4

to StackOverflow

Reputation: 124726

You'll find the key files in the following directory (*):

Path.Combine(
    Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), 
    @"Microsoft\Crypto\RSA\MachineKeys")

You can get the filename for a given key as follows:

CspParameters cp = ...;
CspKeyContainerInfo info = new CspKeyContainerInfo(cp);
string fileName = info.UniqueKeyContainerName;

I don't believe this information is documented, so if you use it you'll be relying on undocumented implementation details which may not work in future versions of Windows. Unfortunately, it's sometimes necessary to use it; for example as noted in this question, I don't think there's any other reliable way to view permissions for an RSA Key Container from a non-privileged account.

(*) That's for machine keys. User-specific keys are presumably under Environment.SpecialFolder.LocalApplicationData.

Upvotes: 25
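As an added example (not code from either answer), the following console program resolves the backing file of a legacy CSP container in either store and lists the ACL on that private-key file, which is the check a defender usually wants once the location is known. The names `KeyContainerAudit` and `Locate` are hypothetical. It assumes Windows and a CryptoAPI (non-CNG) RSA provider, and it looks for per-user containers under `%APPDATA%\Microsoft\Crypto\RSA\<user SID>`; a `CspParameters` created without `UseMachineKeyStore`, as in the question, targets that per-user store unless the static `RSACryptoServiceProvider.UseMachineKeyStore` has been set.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Principal;

static class KeyContainerAudit
{
    // Returns the full path of the file backing a legacy CSP RSA key container.
    static string Locate(string containerName, bool machineStore)
    {
        var cp = new CspParameters
        {
            KeyContainerName = containerName,
            // UseExistingKey: never create a container as a side effect of the lookup.
            Flags = CspProviderFlags.UseExistingKey |
                    (machineStore ? CspProviderFlags.UseMachineKeyStore : CspProviderFlags.NoFlags)
        };
        // Throws CryptographicException if the container does not exist in that store.
        string fileName = new CspKeyContainerInfo(cp).UniqueKeyContainerName;

        string dir = machineStore
            ? Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData),
                           @"Microsoft\Crypto\RSA\MachineKeys")
            // Assumption stated in the lead-in: per-user folder is named after the user's SID.
            : Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
                           @"Microsoft\Crypto\RSA", WindowsIdentity.GetCurrent().User.Value);
        return Path.Combine(dir, fileName);
    }

    static void Main(string[] args)
    {
        string name = args.Length > 0 ? args[0] : "Test";   // "Test" is the question's container
        bool machine = args.Length > 1 && args[1] == "machine";
        string path = Locate(name, machine);
        Console.WriteLine(path);

        // List who holds rights on the private-key file. Entries other than the
        // expected service account, SYSTEM and Administrators are worth reviewing.
        var acl = new FileSecurity(path, AccessControlSections.Access);
        foreach (FileSystemAccessRule rule in acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            Console.WriteLine("{0,-6} {1} {2}", rule.AccessControlType,
                              rule.IdentityReference.Value, rule.FileSystemRights);
    }
}
```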
