Export and Import RSA Key Container

Stephen <wrigh***@gmail.com> wrote in message news:1121854859.532099.100210@g47g2000cwa.googlegroups.com:

I have successfully created an application in C# using the RSACryptoServiceProvider to encrypt on one machine and decrypt on another. I am storing my private key in a key container. I have a situation where I need to use this private key on load balanced servers to decrypt messages from a single source.

Does anyone know if it is possible to export a Key Container from one machine and import it onto another to allow me to use the same private key on 2 different servers?

Many Thanks
Stephen

"Michel Gallant" <neut***@istar.ca> replied in message news:%23N5EUdSjFHA.3692@TK2MSFTNGP09.phx.gbl:

If you are talking about just raw RSA keys in a keycontainer, you can export to an (unprotected) RSAParameters instance using oRSAProvider.ExportParameters(true); and then serialize that to a file. Reimport using ImportParameters() after deserializing. Alternatively, you could use To(From)XmlString(true) with the same effect.

A better approach is to encrypt that file for protection in transit (simple .NET 1.1 symmetric password-based encryption will do for controlled access situations).

A better approach, if the RSA keys are associated with a certificate, is to export the RSA keys/cert to a PFX (PKCS#12) protected container file.

An intermediate approach is to use a protected PKCS#8 (EncryptedPrivateKey) format file, although there is no support for that in standard .NET 1.1 or 2.0.

- Mitch Gallant
MVP Security

Mitch Gallant added in a follow-up:

I forgot to mention that you can't usefully export the "keycontainer" file, since it is protected with the user's login credentials (plus some other system Master key credentials). The comments in my earlier reply refer to extraction of the RSA key components FROM this protected keycontainer infrastructure and sending it in a portable (and hopefully protected!) fashion. When you import to another system, you can specify the name of the target keycontainer (making sure it does not collide with an existing keycontainer name).

- Mitch

William Stacey [MVP] replied:

My GetKey C# util may help. You can create a key and store it in a container or file. You can then export from the container or file to XML or a key blob. Another machine can then import it. In a farm scenario, I might just store the .snk (key blob) in a shared dir that only the specific servers (and app account) have access to. Then all servers can access the same key. IMO, this may be easier to reason about and manage than using containers. You may be able to use EFS to encrypt the shared dir and all keys within it, but I have not worked with EFS enough to know if this works on a shared domain share or not.

Sorry, did not post the link to the code:
http://channel9.msdn.com/ShowPost.aspx?PostID=80076

-- William Stacey [MVP]
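The export/import sequence Mitch describes (ToXmlString(true) out of a named container, password-based symmetric protection in transit, FromXmlString into a named container on the second server), written up as an added example; it is not code from the thread or from William's GetKey utility. Container and file names are assumptions, it targets .NET 3.5 or later for Aes.Create(), and it uses the machine key store so the service account on each load-balanced server can open the container.

```csharp
// Added example (not from the thread): move an RSA key pair between two
// servers' key containers with a password-protected file in between.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class RsaKeyTransfer
{
    static RSACryptoServiceProvider OpenContainer(string name)
    {
        // UseMachineKeyStore: the key lives in the machine store, not a user
        // profile, so the app pool / service account on each server can reach it.
        var csp = new CspParameters { KeyContainerName = name,
                                      Flags = CspProviderFlags.UseMachineKeyStore };
        return new RSACryptoServiceProvider(csp) { PersistKeyInCsp = true };
    }

    // Export the private key as XML and encrypt it with a password-derived
    // AES key (salt + IV + ciphertext). CBC without a MAC: fine for transit
    // between two controlled hosts, but prefer a PFX when a certificate exists.
    public static void ExportProtected(string container, string path, string password)
    {
        using (var rsa = OpenContainer(container))
        using (var aes = Aes.Create())
        using (var kdf = new Rfc2898DeriveBytes(password, 16, 100000))
        {
            aes.Key = kdf.GetBytes(32);
            byte[] plain = Encoding.UTF8.GetBytes(rsa.ToXmlString(true));
            byte[] cipher = aes.CreateEncryptor().TransformFinalBlock(plain, 0, plain.Length);
            using (var fs = File.Create(path))
            {
                fs.Write(kdf.Salt, 0, 16);
                fs.Write(aes.IV, 0, 16);
                fs.Write(cipher, 0, cipher.Length);
            }
        }
    }

    // Decrypt the file and import the key into a (new) named container on
    // the second server; PersistKeyInCsp keeps it there after disposal.
    public static void ImportProtected(string container, string path, string password)
    {
        byte[] blob = File.ReadAllBytes(path);
        byte[] salt = new byte[16], iv = new byte[16];
        Array.Copy(blob, 0, salt, 0, 16);
        Array.Copy(blob, 16, iv, 0, 16);
        using (var aes = Aes.Create())
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000))
        {
            aes.Key = kdf.GetBytes(32);
            aes.IV = iv;
            byte[] plain = aes.CreateDecryptor().TransformFinalBlock(blob, 32, blob.Length - 32);
            using (var rsa = OpenContainer(container))
                rsa.FromXmlString(Encoding.UTF8.GetString(plain));
        }
    }
}
```

Delete the transit file once the import succeeds: the private key is only as protected as the password, and a copy left on a share defeats the point of keeping it in a container.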