Key container permissions

Posted By: kettch | Feb 22nd, 2007 @ 3:09 PM
page 1 of 1
Comments: 3 | Views: 4305
#Feb 22nd, 2007 @ 3:09 PM
kettch
kettch

I'm trying to make an asymmetric key available across all users of a machine.

Dim cp As New CspParameters()
cp.KeyContainerName = "testCon"
cp.Flags = CspProviderFlags.UseMachineKeyStore
Dim rsa As New RSACryptoServiceProvider(cp)
rsa.PersistKeyInCsp = False
rsa.Clear()
cp = New CspParameters()
cp.KeyContainerName = "testCon"
cp.Flags = CspProviderFlags.UseMachineKeyStore
rsa = New RSACryptoServiceProvider(cp)

First of all, is that the correct way to do it? This is what I was able to figure out from the oh-so-helpful documentation.

Second, if I run this from an admin account, and then run it from a limited account, I get an "Object already exists" error. I'm assuming that this is some kind of permissions issue? So much for storing things in the all users application data. What can I do to make it so any user across the machine can access this key container?

#Feb 22nd, 2007 @ 3:40 PM
AndyC
AndyC
A limited user shouldn't be able to alter machine wide data. You probably need to create the key from an elevated process and have it persist so that others can read it.
#Feb 22nd, 2007 @ 4:04 PM
kettch
kettch
That's the thing, at this point, I can't even get a limited user to read the keys.

For some reason this line:
cp.KeyContainerName = "testCon"
apparently tells the framework to try to create the container, but the documentation says that it also should define a container to read. Even when this code:

Dim cp As New CspParameters()
Dim userRule As AccessControl.CryptoKeyAccessRule = Nothing
Dim adminRule As AccessControl.CryptoKeyAccessRule = Nothing
Dim cks As AccessControl.CryptoKeySecurity = Nothing
userRule = New AccessControl.CryptoKeyAccessRule("Users", AccessControl.CryptoKeyRights.FullControl, AccessControl.AccessControlType.Allow)
adminRule = New AccessControl.CryptoKeyAccessRule("Administrators", AccessControl.CryptoKeyRights.FullControl, ccessControl.AccessControlType.Allow)

cks = New AccessControl.CryptoKeySecurity

cks.AddAccessRule(adminRule)

cks.AddAccessRule(userRule)

cp.CryptoKeySecurity = cks

is run as an administrator, it still has no effect.

#Feb 22nd, 2007 @ 4:39 PM
kettch
kettch

meh, back burner. I don't have time for this right now. Perplexed

page 1 of 1
Comments: 3 | Views: 4305
Microsoft Communities