Key container listing?

K

Kevin Burton

I would like to give a strong name to assemblies that I
ship but I would also like to keep the public/private key
pair secure. Eventually I think they will be stored on a
smart card but for now I am putting the public/private
key pair in a key container. Is there a way to list the
containers that are available? Can I extract the contents
of a container and recreate a file if I need to? I start
out by using sn -k then I put the file into a key
container. I would like to see the file in the container
and verify that I can recreate what was originally
created with sn -k.

Thank you for your suggestions.

Kevin
 
M

Michel Gallant

Hi Kevin,
Here are 2 tools which facilitates viewing and identification of all key containers:
http://pages.istar.ca/~neutron/feature/KeyPal (.NET 1.1)

http://pages.istar.ca/~neutron/KeyContainerTool (requires IE5+ and CAPICOM 2)
(all keycontainers not associated with any certificate are listed at tail-end of page)

Note that when you import a .NET snk file (which is actually an unencrypted
CryptoAPI PUBLICKEYBLOB) into a keycontainer using sn.exe -i ...., it is
automatically marked as NOT exportable, and you don't get the option to add an extra
level of password protection. This means that you won't be able to export the
private key for use anywhere else, and any process running as you will automatically
have access to your imported private key in that container!
However, the following code-snipped shows how to import an snk
file, marking the key as exportable and also offering the dialog for extra password protection:
http://pages.istar.ca/~neutron/feature/ImportSNK.txt
You can then export the public/private keypair (e.g. using CryptoAPI CryptExportKey).
The KeyPal tool above allows exporting any keycontainer keypair, using CryptExportKey,
which is marked as exportable.

Happy Holidays to all here. Have a safe and happy holiday.

- Mitch Gallant
MVP Security
http://pages.istar.ca/~neutron
 
K

Kevin Burton

Thank you for the tip.

This seems to be a good tool but the listing is all
GUID's. I don't know how to map the GUID's that are
displayed to a name that I can understand.

Kevin
-----Original Message-----
Hi Kevin,
Here are 2 tools which facilitates viewing and
Click to expand...
identification of all key containers:
http://pages.istar.ca/~neutron/feature/KeyPal (.NET 1.1)

http://pages.istar.ca/~neutron/KeyContainerTool (requires IE5+ and CAPICOM 2)
(all keycontainers not associated with any certificate
Click to expand...
are listed at tail-end of page)
Note that when you import a .NET snk file (which is actually an unencrypted
CryptoAPI PUBLICKEYBLOB) into a keycontainer using sn.exe -i ...., it is
automatically marked as NOT exportable, and you don't get the option to add an extra
level of password protection. This means that you won't be able to export the
private key for use anywhere else, and any process
Click to expand...
running as you will automatically
have access to your imported private key in that container!
However, the following code-snipped shows how to import an snk
file, marking the key as exportable and also offering
Click to expand...
the dialog for extra password protection:
http://pages.istar.ca/~neutron/feature/ImportSNK.txt
You can then export the public/private keypair (e.g.
Click to expand...
using CryptoAPI CryptExportKey).
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SN.EXE and Exported Public Keys 6
Converting Verisign certificate (SPC) to strong named key pair (SN 0
strong name key pair - internal error occuring problem... 1
Variable length arrays in .NET 2.0? 2
One solution to sn.exe error "Failed to generate a strong name key pair -- The keyset is not defined 1
Concantinate Query 4
Some questions on code signing with smartcard 1
tab container and update panel 2

Top