Re: Export and Import RSA Key Container
From: Michel Gallant (neutron_at_istar.ca)
Date: Wed, 20 Jul 2005 09:18:54 -0400
I forgot to mention that you can't usefully export the "keycontainer"
file, since it is protected with the user's login credentials (plus some
other system Master key credentials).
The comments below refer to extraction of the RSA key components
FROM this protected keycontainer infrastructure and sending it
in a portable (and hopefully protected!) fashion.
When you import to another system, you can specify the name of
the target keycontainer (making sure it does not collide with an
existing keycontainer name).
"Michel Gallant" <firstname.lastname@example.org> wrote in message news:%23N5EUdSjFHA.3692@TK2MSFTNGP09.phx.gbl...
> If you are talking about just raw RSA keys in a keycontainer,
> you can export to an (unprotected) RSAParameters instance using
> and then serialize that to a file.
> Reimport using ImportParameters() after deserializing.
> Alternatively, you could use To(From)XmlString(true) with same effect.
> A better approach is to encrypt that file for protection in transit (simple
> .net 1.1 symmetric password-based encryption will do for controlled
> access situations).
> A better approach, if the RSA keys are associated with a certificate, is
> to export the RSA keys/cert to a pfx (pkcs#12) protected container file.
> An intermediate approach is to use a protected PKCS#8 (EncryptedPrivateKey)
> format file .. although no support for that in standard .net 1.1 or 2.
> - Mitch Gallant
> MVP Security
> <email@example.com> wrote in message news:firstname.lastname@example.org...
> > I have successfully created an application in C# using the
> > RSACryptoServiceProvider to encrypt on one machine and decrypt on
> > another. I am storing my private key in a key container. I have a
> > situation where I need to use this private key on load balanced servers
> > to decrypt messages from a single source.
> > Does anyone know if it is possible to export a Key Container from one
> > machine and import it onto another to allow me to use the same private
> > key on 2 different servers?
> > Many Thanks
> > Stephen
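
The transfer discussed in this thread, as an added example that is not code from the original posts: the private key is read out of a named key container, written as a password-encrypted PKCS#8 file, and imported into a named container on the second server. It assumes .NET Core 3.0 or later on Windows, where the encrypted PKCS#8 methods exist; the class name, the machine key store and the iteration count are illustrative assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

static class KeyContainerTransfer
{
    // Assumption: machine-level containers, since the key is used by server processes.
    const CspProviderFlags Store = CspProviderFlags.UseMachineKeyStore;

    // Source server: write the container's private key as a password-encrypted PKCS#8 file.
    public static void Export(string container, string password, string path)
    {
        // UseExistingKey: throw instead of silently creating a key if the name is wrong.
        var csp = new CspParameters { KeyContainerName = container,
                                      Flags = Store | CspProviderFlags.UseExistingKey };
        var pbe = new PbeParameters(PbeEncryptionAlgorithm.Aes256Cbc,
                                    HashAlgorithmName.SHA256, 200000);
        using (var rsa = new RSACryptoServiceProvider(csp))
        {
            // Throws CryptographicException if the key was created as non-exportable.
            File.WriteAllBytes(path, rsa.ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbe));
        }
    }

    // Target server: import into a new named container, refusing to overwrite one.
    public static void Import(string container, string password, string path)
    {
        if (Exists(container))
            throw new InvalidOperationException("Key container name already in use: " + container);
        // UseNonExportableKey: the imported copy cannot be exported again from this machine.
        var csp = new CspParameters { KeyContainerName = container,
                                      Flags = Store | CspProviderFlags.UseNonExportableKey };
        using (var rsa = new RSACryptoServiceProvider(csp))
        {
            rsa.PersistKeyInCsp = true; // keep the key in the container after Dispose
            rsa.ImportEncryptedPkcs8PrivateKey(password.AsSpan(), File.ReadAllBytes(path), out _);
        }
    }

    // True if a key container with this name already holds a key.
    static bool Exists(string container)
    {
        var csp = new CspParameters { KeyContainerName = container,
                                      Flags = Store | CspProviderFlags.UseExistingKey };
        try { using (new RSACryptoServiceProvider(csp)) { return true; } }
        catch (CryptographicException) { return false; }
    }
}
```

The plaintext key never touches disk in this flow; the password should travel to the second server by a different channel than the file.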