Error exporting RSA key container via aspnet_regiis

Discussion in 'ASP .Net Security' started by dpomt, Oct 16, 2006.

  1. dpomt

    dpomt Guest

    Hello,

    I have an issue exporting a RSA key container via aspnet_regiis.
    I am using
    aspnet_regiis -px "HoKeyCont7" HoKeyCont7.xml -pri
    and I get the following (german) error message:
    Exporting RSA Keys to file...
    Schlüssel ist im angegebenen Status nicht gültig.
    (translation might be: key invalid in specified status)

    If I ommit the "-pri" option, the export succeeds without errors. However, I
    need the "-pri" option to use the RSA key to decrypt the encrypted stuff on
    a webserver.


    Background information:
    I have added a configProtectedData section to my web.config
    <configProtectedData>
    <providers>
    <add name="MyProtectedDataProviderName2"
    type="System.Configuration.RsaProtectedConfigurationProvider,
    System.Configuration, Version=2.0.0.0, Culture=neutral,
    PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
    keyContainerName="HoKeyCont7"
    useMachineContainer="true" />
    </providers>
    </configProtectedData>

    and I am encrypting the wanted section programmatically:
    Configuration config = WebConfigurationManager.OpenMappedWebConfiguration
    (webConfigurationFileMap, "/");
    ConfigurationSection cs = config.GetSection(strSection);
    cs.SectionInformation.ProtectSection(m_strProtectedDataProviderName);
    config.Save();

    Encryption (as well as decryption) on my local dev machine work both well.


    What I need is to export the RSA key with the -pri option.

    Any suggestions?
     
    dpomt, Oct 16, 2006
    #1
    1. Advertising

  2. Hello dpomt,

    As for the aspnet_regiis.exe tool, it can help generate and export some
    machine stored RSA key. And you're right that in order to export the full
    public/private key pairs, we need to use -px with -pri options.

    As for the exporting error you encountered, regardless of the environment
    or framework installing problem, I'm wondering how did you originally
    create this RSA key. When creating the RSA key, we need to specify the
    "-exp" option so as to make it exportable, have you done this when creating
    your RSA key?

    Here is a msdn article which has demonstrated how to create and export such
    a RSA key for encrypting .net 2.0 applciation's configuration file.


    #How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
    http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000006.asp?frame=tr
    ue


    If you've already followed the correct steps from creating key to exporting
    key, I would suggest you duplicate the same steps on some other machine
    with .net framework 2.0 installed. If other machine works well, this should
    be an machine specific issue.

    Hope this helps. Please feel free to let me know if you have any new
    finding.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead



    ==================================================

    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
    ications.



    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/subscriptions/support/default.aspx.

    ==================================================



    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Oct 17, 2006
    #2
    1. Advertising

  3. dpomt

    dpomt Guest

    Hello Steven,

    thanks for your quick reply!

    I have had read the article you mentioned before - but I have re-read it.
    And I just noticed that I have forgot to explicitly create the RSA Key using
    aspnet_regiis -pc "MyKeyName" -exp

    Now, everythings works fine.

    Thanks and best regards,
    Dieter
     
    dpomt, Oct 17, 2006
    #3
  4. Hi Dieter,

    Glad that you've got it working.

    Have a good day!

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Oct 18, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. gg
    Replies:
    0
    Views:
    2,732
  2. Replies:
    0
    Views:
    6,088
  3. =?Utf-8?B?RGF2aWQ=?=

    aspnet_regiis -pa fails to locate container

    =?Utf-8?B?RGF2aWQ=?=, Sep 5, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    3,380
    =?Utf-8?B?RGF2aWQ=?=
    Sep 5, 2006
  4. RSA key container could not be opened

    , Mar 8, 2006, in forum: ASP .Net Security
    Replies:
    1
    Views:
    556
  5. Bernard

    Cannot create RSA key container

    Bernard, May 21, 2008, in forum: ASP .Net Security
    Replies:
    1
    Views:
    853
    Bernard
    May 28, 2008
Loading...

Share This Page