List RSA Key Container Names
Recently I’ve been looking into encrypting sections of web.config on a couple of web sites that reside on a web farm.
It’s not very difficult (once you figure out how to get around the fact that some of the instructions don’t work) and I’ll write another post on it once I’ve finished implementing it. But there is one major weak point: What happens if you forget the name of the key you are using? Where do you go to find the names of the RSA keys?
You’d think that listing the names of RSA key containers would be simple. After all, they are really easy to create; just type:
aspnet_regiis -pc "MyKeys" -exp
(aspnet_regiis can be found in C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727 or higher)
It’s so simple to do and yet if you forget the name you used then finding it again is virtually impossible.
After many, many searches on Google, Bing and DuckDuckGo, I finally found something that will list them. (Surprisingly it was highest on the DuckDuckGo search and that’s how I found it.)
It’s a simple open source app called KeyPal. Download it, open up a command prompt and run it. At start up it gives you a list of user keys, a list of commands and a blank prompt (with no “>” or anything to indicate it’s a prompt). To list machine level key containers just type “LM”, press Enter and there they are!
There is probably something in the bowels of Windows that will also do this, but I couldn’t find it after searching and searching, so kudos to the guys at JavaScience who wrote KeyPal.
I hope this gets onto search engines to help other poor slobs like me find out how to list RSA Key Container names without spending hours hunting.
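If you have a few candidate names in mind, the following C# check (added here as an example; it is not from the post or from KeyPal) tells you whether a machine-level RSA container with that name already exists without creating one. "MyKeys" matches the aspnet_regiis example above; the other names are placeholders, and the class and method names are my own.

```csharp
using System;
using System.Security.Cryptography;

class KeyContainerCheck
{
    // Returns true if a machine-level RSA key container with this name already exists.
    // UseExistingKey makes the CSP fail instead of silently creating a new container,
    // so a typo in the name cannot leave a stray key on the server.
    static bool MachineContainerExists(string containerName)
    {
        var cp = new CspParameters
        {
            KeyContainerName = containerName,
            Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey
        };
        try
        {
            using (var rsa = new RSACryptoServiceProvider(cp))
            {
                // Opening succeeded, so the container exists; also report key size and exportability
                Console.WriteLine("{0}: found, {1} bits, exportable={2}",
                    containerName, rsa.KeySize, rsa.CspKeyContainerInfo.Exportable);
                return true;
            }
        }
        catch (CryptographicException)
        {
            // Thrown when no container with that name exists in the machine store.
            // Also thrown on access denied, so run this from an elevated prompt.
            Console.WriteLine("{0}: not found (or not accessible)", containerName);
            return false;
        }
    }

    static void Main(string[] args)
    {
        // Candidate names: "MyKeys" from the post, "NetFrameworkConfigurationKey" is the
        // default container aspnet_regiis uses when -pc is not given, "WebFarmKeys" is a placeholder
        string[] candidates = args.Length > 0
            ? args
            : new[] { "MyKeys", "NetFrameworkConfigurationKey", "WebFarmKeys" };
        foreach (var name in candidates)
            MachineContainerExists(name);
    }
}
```

Run it on each node of the farm to confirm the same container name exists everywhere before encrypting web.config against it.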
I know your pain. Was looking all day for a solution. Your post is near the top in Google. Luckily, otherwise I would still be searching. Thanks, you saved my day.
Nikodem Jaworski (@medokin_de)
October 5, 2012 at 6:16 am
@Nikodem – you’re welcome
gsdwriter
October 6, 2012 at 2:50 pm
Thanks for sharing!
Warrick
March 15, 2013 at 11:40 am
Great info!! Thank you very much
Julian Forster
June 13, 2013 at 4:26 am
You mention that some of the instructions in the MS “walkthrough” don’t work. Can you elaborate please?
Tom
March 18, 2014 at 4:25 pm
Thanks, this was very helpful.
For those who cannot download exes, the console app below works.
// c#
using System;
using System.IO;
using System.Text;

class ListKeyContainers
{
    static void Main()
    {
        // Each file in MachineKeys holds one machine-level key container
        var files = Directory.GetFiles(@"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\");
        foreach (var f in files)
        {
            // try catch is to avoid some ACL issues on certain files
            try
            {
                byte[] bytes = File.ReadAllBytes(f);
                // The container name starts at offset 40; its length (including a terminator, hence -1) is at byte 8
                string containerName = Encoding.ASCII.GetString(bytes, 40, bytes[8] - 1);
                Console.WriteLine(containerName);
            }
            catch (Exception)
            {
            }
        }
        Console.Read();
    }
}
Apparently the container name is embedded right in the file.
References
http://security.stackexchange.com/questions/1771/how-can-i-enumerate-all-the-saved-rsa-keys-in-the-microsoft-csp
Bhavesh Sharma
January 23, 2015 at 4:38 pm