What exactly is a key container, where is it located?

Question

I'm reading about how to store your private key for RSA encryption, but I'm confused as to what exactly a key container is?

For example, on my server that I will deploy, are there any trust levels in saving and getting data from a key container?

Is it stored in a hidden file on the server?

If I don't store the private key in my web.config (or a encrypted version of it), then I guess I have to somehow first save it in a container first using a test page so that my running application can get it correct?

Reference: http://msdn.microsoft.com/en-us/library/5e9ft273(v=vs.71).aspx

Answer 1

Although this thread is a little old. If someone search for "where" the key container is stored, then the short answer is on the system. It is a series of folders starting at C:\ProgramData\Microsoft\Crypto.

Depending on the key type being used and the access level (machine or user), it will be placed in its respective folder.

Machine means anyone logged on to the system can user it where user means only the user that put the key can use it. This can be achieved by setting the "UseMachineKeyStore" of the CspProviderFlags (RSACryptoServiceProvider.UseMachineKeyStore Property) and the enums you can use (CspProviderFlags Enum).

Answer 2

The RSA key container is nothing but a container for storing your Private key, public key pair. When you create a key container .Net actually creates a random Public Key for encrypting the data and a private key for decryption the data and is stored in the container.