Re: Problem with RSA.ImportParameters() under ASP .NET

---

• From: "Kim Hellan" <someone@xxxxxxxxxxx>
• Date: Mon, 13 Feb 2006 09:06:22 +0100

---

Hi,

In one of my own projects I have actually done the change in code that you
suggest.
Unfortunately I can't change the code that's causing problems, since it's a
3rd party DLL.

Another question about this...
Are there any performance issues to observe regarding the different ways to
create the RSA object?
I was under the impression that:
RSA rsa = RSA.Create ();
.... just creates an empty object without doing anything, while
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(CSPParam);
....actually generates an RSA dummy key, which of course has a huge impact on
performance.

Is that correct?

Regards,
Kim


"Henning Krause [MVP]" <newsgroups.remove@xxxxxxxxxxxxxxxxx> skrev i en
meddelelse news:egQVTIqLGHA.4052@xxxxxxxxxxxxxxxxxxxxxxx

Hello,

one common cause for this problem is that the RSA object tries to create
the CryptoConatiner in the user profile. For performance reasons, that
part of the profile is not loaded in ASP.NET applications.

See http://support.microsoft.com/default.aspx?scid=KB;EN-US;322371 for
more on this topic.

The solution given in the article is to create the RSA object with a
custom CspParameters object, specifying the machine store to use.

If this is indeed your problem, there seems no solution without a code
change...

Greetings,
Henning

"Kim Hellan" <someone@xxxxxxxxxxx> wrote in message
news:%23z0HVMkLGHA.1088@xxxxxxxxxxxxxxxxxxxxxxx

It is a server-side process.
I'm not trying to access a private key or certificate in a specific
store.
I have already gotten a private key earlier from a PKCS#12 and extracted
the key parameters.
And then a brand new key is created and I'm just trying to import the key
parameters into a new key:

RSA rsa = RSA.Create ();
rsa.ImportParameters (param);

But ImportParameters throws a:
System.Security.Cryptography.CryptographicException:
The system cannot find the file specified.

I think I read somewhere that ImportParameters actually creates a
temporary keyfile, so that may be the problem.
But when I'm not accessing a key/certificate in neither a store nor on
disk, I have no idea what I should give access to.
It's probably the IUSR_xxx user that should be granted access to
something, but what?

Any hints appreciated!
/Kim




"Mitch Gallant" <jensigner@xxxxxxxxxxxxxxxx> skrev i en meddelelse
news:uFsoc%23jLGHA.3496@xxxxxxxxxxxxxxxxxxxxxxx

If this is a server-side process (asp or asp.net) which needs to access
the private key in any way (for signing or RSA encryption) then you will
need to ACL the associated privatekey file with READ permissions for
the IUSR_<machinename> account which is what asp and asp.net runs as.
For RSA keypairs that are associated with a certificate (probably not
your case),
there is a very handy CAPICOM tool which greatly facilitates this:
<capicominstalldir>\samples\vbs\CSetKeyPerm.vbs

- Mitch Gallant
MVP Security
www.jensign.com

"Kim Hellan" <someone@xxxxxxxxxxx> wrote in message
news:ONk3njjLGHA.2320@xxxxxxxxxxxxxxxxxxxxxxx

I have a problem with some code in an assembly that use
RSA.ImportParameters().
If the assembly is used in a WinForm application it's fine, but I'm
having troubles when it's used in ASP .NET.

The code is something like this:
....
....
RSA rsa = RSA.Create ();
rsa.ImportParameters (param);

I know it has got something to do with the IIS user not having the same
access rights to key stores and files as a normal user.
Unfortunately I can't change the code (not my assembly), so can anyone
tell me what I can tweak on the PC to make this work?

Thanks!
/Kim

.

---

• Follow-Ups:
  • Re: Problem with RSA.ImportParameters() under ASP .NET
    • From: Henning Krause [MVP]

• References:
  • Problem with RSA.ImportParameters() under ASP .NET
    • From: Kim Hellan
  • Re: Problem with RSA.ImportParameters() under ASP .NET
    • From: Mitch Gallant
  • Re: Problem with RSA.ImportParameters() under ASP .NET
    • From: Kim Hellan
  • Re: Problem with RSA.ImportParameters() under ASP .NET
    • From: Henning Krause [MVP]

• Prev by Date: RE: Translate BUILTIN to domain name
• Next by Date: Re: Problem with RSA.ImportParameters() under ASP .NET
• Previous by thread: Re: Problem with RSA.ImportParameters() under ASP .NET
• Next by thread: Re: Problem with RSA.ImportParameters() under ASP .NET
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Problem with RSA.ImportParameters() under ASP .NET ... access for writing that temporary file is denied. ... file (in Machine CU store) since you don't specify a persistence. ... You could look for a transient (private key file) created .. ... RSA rsa = RSA.Create; ... (microsoft.public.dotnet.security) Re: Problem with RSA.ImportParameters() under ASP .NET ... I'm not trying to access a private key or certificate in a specific store. ... RSA rsa = RSA.Create; ... (microsoft.public.dotnet.security) Re: Problem with RSA.ImportParameters() under ASP .NET ... I'm pretty sure what you are doing is creating a transient RSA private key ... file since you don't specify a persistence. ... You could look for a transient (private key file) created .. ... I'm not trying to access a private key or certificate in a specific store. ... (microsoft.public.dotnet.security) Re: Problem with RSA.ImportParameters() under ASP .NET ... The solution given in the article is to create the RSA object with a custom ... I'm not trying to access a private key or certificate in a specific store. ... (microsoft.public.dotnet.security) Re: Problem with RSA.ImportParameters() under ASP .NET ... to create the RSA object? ... specifying the machine store to use. ... I'm not trying to access a private key or certificate in a specific ... the key parameters. ... (microsoft.public.dotnet.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)