kdnerd

Reputation: 341

The RSA key container could not be opened for one of two sections

I have encrypted two sections of a web.config file, one called connectionStrings and the other userAccounts, using the same provider.

In my code, the connectionStrings section is decrypted just fine without any problem, but when it comes to decrypting the second section, called userAccounts, I get an error.

Here is the exact error message:

Failed to decrypt using provider 'AqueductDevProvider'. Error message from the provider: The RSA key container could not be opened.

Your help will be much appreciated.

Thanks

Here is the code in the web.config file:

<configProtectedData>
    <providers>
        <add name="AqueductDevProvider"
             type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
             keyContainerName="AqueductDevKeys"
             useMachineContainer="true" />
    </providers>
</configProtectedData>

<connectionStrings configProtectionProvider="AqueductDevProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <KeyName>Rsa Key</KeyName>
                </KeyInfo>
                <CipherData>
                <CipherValue></CipherValue>
                </CipherData>
            </EncryptedKey>
        </KeyInfo>
        <CipherData>
                <CipherValue></CipherValue>
        </CipherData>
    </EncryptedData>
</connectionStrings>
<userAccounts configProtectionProvider="AqueductDevProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <KeyName>Rsa Key</KeyName>
                </KeyInfo>
                <CipherData>
                <CipherValue></CipherValue>
                </CipherData>
            </EncryptedKey>
        </KeyInfo>
        <CipherData>
                <CipherValue></CipherValue>
        </CipherData>
    </EncryptedData>
</userAccounts>

This is how I am trying to access information from the userAccounts section:

System.Configuration.ConfigurationManager.AppSettings["AdminName"];

There is a key in userAccounts called AdminName, which is encrypted.

Upvotes: 3

Views: 7298

Answers (1)

kdnerd

Reputation: 341

I was able to figure this out. Apparently, when the code was trying to retrieve the custom section, it was running under the wrong user account (which was different when it tried to retrieve connectionStrings). I used the following code to find out which user account my code was running under when trying to access the custom encrypted section.

<% Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);%>

The result was NT AUTHORITY\IUSR

After this, all I had to do was run the following command under this directory:

c:\Windows\Microsoft.NET\Framework\v4.0.30319>

aspnet_regiis.exe -pa "AqueductDevKeys" "NT AUTHORITY\IUSR"

Upvotes: 4
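To confirm which accounts can open the key container before and after the `aspnet_regiis.exe -pa` grant described in the answer, the container's ACL can be listed directly. This is an added example, not part of the original question or answer; it assumes an elevated Windows PowerShell session on .NET Framework and reuses the container name and account from this page.

```powershell
# Added example. Run in an elevated Windows PowerShell (.NET Framework) session.
$containerName = 'AqueductDevKeys'      # keyContainerName from the provider entry on this page
$account       = 'NT AUTHORITY\IUSR'    # identity the answer found the page running as

$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = $containerName
# UseMachineKeyStore mirrors useMachineContainer="true"; UseExistingKey makes the
# open fail if the container is missing instead of silently creating an empty one.
$csp.Flags = 'UseMachineKeyStore, UseExistingKey'

try {
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList $csp
} catch {
    Write-Error "Cannot open container '$containerName': $($_.Exception.Message)"
    return
}

try {
    $info = $rsa.CspKeyContainerInfo
    # Machine-level containers are stored as files under this directory (default location).
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($info.UniqueKeyContainerName)"
    "Key file: $keyFile"

    # List every explicit and inherited access rule on the container.
    $rules = $info.CryptoKeySecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
    $rules | Format-Table IdentityReference, AccessControlType, CryptoKeyRights -AutoSize | Out-String

    # Look for an Allow entry naming the account directly.
    $direct = $rules | Where-Object {
        $_.IdentityReference.Value -eq $account -and $_.AccessControlType -eq 'Allow'
    }
    if ($direct) { "$account has a direct Allow entry on the container." }
    else { "$account has no direct Allow entry; access could still come from a group listed above." }
} finally {
    $rsa.Clear()   # releases the handle; a named container is persisted, not deleted
}
```

Only the identity that actually decrypts the section needs an entry here; any other account listed with access to the container can decrypt every section protected by this provider.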
