How can we protect the RSACryptoServiceProvider private key with a password

  • Question

  • User-492803622 posted

    I have a public key certificate and a private key certificate. Before adding to the X509Store I want to protect the private key.

    When I find the X509Certificate in the store using the subject name, I should get the certificate with the private key. But the private key should be password protected without a prompt.

    When creating the RSACryptoServiceProvider I tried to attach a key password to the CSP params, but I am getting an "Invalid type specified" exception. Please help me to solve this.

        var cspParams = new CspParameters
        {
            ProviderType = 1,
            Flags = CspProviderFlags.UseMachineKeyStore,
            KeyContainerName = Guid.NewGuid().ToString().ToUpperInvariant()
        };

        string passphrase = "password";
        char[] passPhrase = passphrase.ToCharArray();
        SecureString keyPassword = new SecureString();
        for (int i = 0; i < passPhrase.Length; i++)
        {
            keyPassword.AppendChar(passPhrase[i]);
        }
        cspParams.KeyPassword = keyPassword;
        using (RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(cspParams))
        {
            rsaProvider.ImportParameters(rsaParam);
            rsaProvider.PersistKeyInCsp = true;
            X509Certificate2 x509Certificate = new X509Certificate2(Convert.FromBase64String(cryptoCertificate), "123",
                X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable |
                X509KeyStorageFlags.PersistKeySet)
            { PrivateKey = rsaProvider };
            if (!store.Certificates.Contains(x509Certificate))
            {
                store.Add(x509Certificate);
                isInstalled = true;
            }
        }

    Tuesday, February 23, 2021 12:15 PM

All replies

  • User-939850651 posted

    Hi Anshiya,

    When creating the RSACryptoServiceProvider I tried to attach a key password to the CSP params, but I am getting an "Invalid type specified" exception. Please help me to solve this.

    Setting CspParameters.KeyPassword is equivalent to calling CryptSetProvParam with PP_KEYEXCHANGE_PIN (or PP_SIGNATURE_PIN). This flag is not supported by the default Microsoft crypto-service-provider (it is intended for use with smartcard-based CSPs).

    You could try something like this:

    cspParams.Flags = CspProviderFlags.UseUserProtectedKey;

    Or alternatively, generate a non-persistent key pair, export it, and encrypt it yourself with a key derived from a password.

    Best regards,

    Xudong Peng

    Wednesday, February 24, 2021 9:01 AM
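
The second suggestion in the reply above (non-persistent key pair, exported and encrypted under a password-derived key), as an added example that is not code from the thread. It assumes .NET Core 3.0 or later and uses the built-in encrypted PKCS#8 export (PBKDF2 plus AES) rather than hand-written derivation; the class name, iteration count and sample passphrase are assumptions.

```csharp
// Added example, not code from the thread. Assumes .NET Core 3.0 or later
// (ExportEncryptedPkcs8PrivateKey is not available on .NET Framework).
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordProtectedKey   // hypothetical name
{
    // PBES2: PBKDF2-HMAC-SHA256 derives an AES-256-CBC key from the password.
    // The iteration count is an assumed value; tune it for your hardware.
    static readonly PbeParameters Pbe = new PbeParameters(
        PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 600_000);

    // Generates an ephemeral key pair (never written to a CSP key container)
    // and returns the private key as an encrypted PKCS#8 blob.
    public static byte[] CreateProtected(string password, out byte[] publicKey)
    {
        using (RSA rsa = RSA.Create(2048))
        {
            publicKey = rsa.ExportSubjectPublicKeyInfo();
            return rsa.ExportEncryptedPkcs8PrivateKey(password.AsSpan(), Pbe);
        }
    }

    // Decrypts the blob into a new in-memory RSA object; a wrong password
    // throws CryptographicException.
    public static RSA Load(string password, byte[] protectedKey)
    {
        RSA rsa = RSA.Create();
        try { rsa.ImportEncryptedPkcs8PrivateKey(password.AsSpan(), protectedKey, out _); }
        catch { rsa.Dispose(); throw; }
        return rsa;
    }

    static void Main()
    {
        const string password = "constructed-sample-passphrase"; // sample value only
        byte[] blob = CreateProtected(password, out byte[] pub);
        using (RSA priv = Load(password, blob))
        using (RSA verifier = RSA.Create())
        {
            // Round trip: a signature made with the reloaded key verifies.
            verifier.ImportSubjectPublicKeyInfo(pub, out _);
            byte[] msg = Encoding.UTF8.GetBytes("test");
            byte[] sig = priv.SignData(msg, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine(verifier.VerifyData(msg, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
        }
        try { Load("wrong", blob).Dispose(); }
        catch (CryptographicException) { Console.WriteLine("wrong password rejected"); }
    }
}
```

With this approach the encrypted blob is what gets stored (file, database or secret store), and the password has to be supplied by the application at load time rather than by the certificate store.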