views:

147

answers:

2

I have the following situation:

Several applications on different machines are going to share information stored in a database with RSA cryptography.

Today I'm doing this in a way that is not the safest. These machines share a DLL containing the RSA key in an XML.

How could I use the information from this XML to generate machine keys in the different machines and after that, how could I use them in RSACryptoServiceProvider?

+2  A: 

What I have done in the past: (This is just an outline; if you need actual code, I could provide it, but it sounds like your question is just looking for ideas.)

The following must be done on each machine. (You can create a simple console app to do this, or a powershell script.)

  • Use ProtectedData.Protect to encrypt the key
  • Store the encrypted key in the registry. You can set the ACL permissions on the registry key for additional security.

In your app, use ProtectedData.Unprotect to get the key, then pass that to the RSACryptoServiceProvider for encrypting and decrypting.

Dave
Hi Dave, my problem is really how I could do it; I don't know of code or a tool that can generate a machine key from an XML or something. I need to keep this "master key" to generate this machine key for other machines.
Victor Rodrigues
The ProtectedData class takes care of this for you. It uses DPAPI (built into Windows) to generate a machine-specific (or user-specific) key for encryption. That key is different on each machine, however, which is why you have to run the `.Protect` / registry step on each machine. Once that is done you can delete the XML file. (Store the actual RSA key in KeePass or something so you can refer to it later if you need it.) This way there is absolutely no "plain-text" key anywhere, and your security is based on Windows standards (account permissions / ACL).
Dave
Sorry, I'm not going to be able to get to this right now. But http://blog.shutupandcode.net/?p=538 has the first part; I would only add the ProtectedData stuff above on the private key XML so that your private key cannot be easily compromised.
Dave
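The outline above, written out as an added example (not code from Dave or from the original question). It assumes the RSA key is the XML produced by `RSA.ToXmlString(true)`, and the registry path, value name and entropy string are placeholders chosen for this illustration; `ProtectedData` lives in the System.Security assembly.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Win32;

static class MachineKeyStore
{
    const string RegPath = @"SOFTWARE\ExampleCompany\ExampleApp"; // placeholder path
    const string ValueName = "RsaPrivateKey";                      // placeholder name
    // Optional entropy mixed into DPAPI; must be identical for Protect and Unprotect.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy");

    // Run once per machine (setup console app): encrypt the key XML under the
    // machine's DPAPI key and store only the ciphertext in HKLM.
    public static void Install(string rsaKeyXml)
    {
        byte[] cipher = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(rsaKeyXml), Entropy, DataProtectionScope.LocalMachine);
        using (RegistryKey key = Registry.LocalMachine.CreateSubKey(RegPath))
            key.SetValue(ValueName, cipher, RegistryValueKind.Binary);
        // Tighten the ACL on RegPath (RegistrySecurity) so only the service account can read it.
    }

    // Called by the application at runtime: read, unprotect, load into RSACryptoServiceProvider.
    public static RSACryptoServiceProvider Load()
    {
        byte[] cipher;
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(RegPath))
        {
            if (key == null) throw new InvalidOperationException("Key not installed on this machine.");
            cipher = (byte[])key.GetValue(ValueName);
        }
        byte[] plain = ProtectedData.Unprotect(cipher, Entropy, DataProtectionScope.LocalMachine);
        var rsa = new RSACryptoServiceProvider();
        rsa.FromXmlString(Encoding.UTF8.GetString(plain));
        Array.Clear(plain, 0, plain.Length); // do not leave the plaintext key in memory
        return rsa;
    }

    static void Main()
    {
        // Setup step: the shared key XML (here freshly generated) is installed once.
        using (var seed = new RSACryptoServiceProvider(2048))
            Install(seed.ToXmlString(true));
        // Runtime step: load the machine-protected key and use it.
        using (RSACryptoServiceProvider rsa = Load())
        {
            byte[] ct = rsa.Encrypt(Encoding.UTF8.GetBytes("shared secret"), true);
            Console.WriteLine(Encoding.UTF8.GetString(rsa.Decrypt(ct, true)));
        }
    }
}
```

Writing under HKLM and using DataProtectionScope.LocalMachine requires the setup step to run with administrative rights; any local account can otherwise call Unprotect, which is why the ACL on the registry key matters.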
A: 

The RSACryptoServiceProvider() constructor can be used to create a new key pair. If you want to create a machine key or define some other parameters of the created key pair, you should use the RSACryptoServiceProvider(CspParameters parameters) constructor. So create a new CspParameters instance, for example cspParams, and set cspParams.Flags to CspProviderFlags.UseMachineKeyStore. Then you will be able to create a machine key with the RSACryptoServiceProvider(CspParameters parameters) constructor.

Oleg