My Software Notes

Useful things I discover

List RSA Key Container Names

with 6 comments

Recently I’ve been looking into encrypting sections of web.config on a couple of web sites that reside on a web farm.

It’s not very difficult (once you figure out how to get around the fact that some of the instructions don’t work) and I’ll write another post on it once I’ve finished implementing it. But there is one major weak point: What happens if you forget the name of the key you are using?  Where do you go to find the names of the RSA keys?

You’d think that listing the names of RSA key containers would be simple.  After all, they are real easy to create just type:

aspnet_regiis -pc "MyKeys" -exp

(aspnet_regiis can be found in C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727  or higher)

It’s so simple to do and yet if you forget the name you used then finding it again is virtually impossible.

After many, many searches on Google, Bing and DuckDuckGo, I finally found something that will list them.  (Surprisingly it was highest on the DuckDuckGo search and that’s how I found it.)

It’s a simple open source app called KeyPal.  Download it, open up a command prompt and run it.  At start up it gives you a list of user keys, a list of commands and a blank prompt (with no “>” or anything to indicate it’s a prompt).  To list machine level key containers just type “LM”, press Enter and there they are!

There is probably something in the bowels of Windows that will also do this, but I couldn’t find it after searching and searching, so kudos to the guys at JavaScience who wrote KeyPal.

I hope this gets onto search engines to help other poor slobs like me find out how to list RSA Key Container names without spending hours hunting.


Written by gsdwriter

August 6, 2012 at 12:08 pm

6 Responses

Subscribe to comments with RSS.

  1. I know your pain. Was looking all day for a solution. Your post is near the top in Google. Luckily, otherwise I would be still searching. Thanks, you saved my day.

    • @Nikodem – you’re welcome


      October 6, 2012 at 2:50 pm

  2. Thanks for sharing!


    March 15, 2013 at 11:40 am

    • Great info!! thank you bery much

      Julian Forster

      June 13, 2013 at 4:26 am

  3. You mention that some of the instructions in the MS “walkthrough” don’t work. Can you elaborate please?


    March 18, 2014 at 4:25 pm

  4. Thanks, this was very helpful.
    For those who cannot download exe’s, below Console app works.

    // c#

    var files = System.IO.Directory.GetFiles(@”C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\”);

    foreach (var f in files)
    // try catch is to avoid some ACL issues on certain files
    byte[] bytes = File.ReadAllBytes(f);
    string containerName = Encoding.ASCII.GetString(bytes, 40, bytes[8] – 1);

    catch (Exception)



    apparently the containerName is embedded right in the file.


    Bhavesh Sharma

    January 23, 2015 at 4:38 pm

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: