List RSA Key Container Names

with 6 comments

Recently I’ve been looking into encrypting sections of web.config on a couple of web sites that reside on a web farm.

It’s not very difficult (once you figure out how to get around the fact that some of the instructions don’t work) and I’ll write another post on it once I’ve finished implementing it. But there is one major weak point: What happens if you forget the name of the key you are using?  Where do you go to find the names of the RSA keys?

You’d think that listing the names of RSA key containers would be simple.  After all, they are real easy to create just type:

aspnet_regiis -pc "MyKeys" -exp

(aspnet_regiis can be found in C:\WINDOWS\Microsoft.Net\Framework\v2.0.50727  or higher)

It’s so simple to do and yet if you forget the name you used then finding it again is virtually impossible.

After many, many searches on Google, Bing and DuckDuckGo, I finally found something that will list them.  (Surprisingly it was highest on the DuckDuckGo search and that’s how I found it.)

It’s a simple open source app called KeyPal.  Download it, open up a command prompt and run it.  At start up it gives you a list of user keys, a list of commands and a blank prompt (with no “>” or anything to indicate it’s a prompt).  To list machine level key containers just type “LM”, press Enter and there they are!

There is probably something in the bowels of Windows that will also do this, but I couldn’t find it after searching and searching, so kudos to the guys at JavaScience who wrote KeyPal.

I hope this gets onto search engines to help other poor slobs like me find out how to list RSA Key Container names without spending hours hunting.

Written by gsdwriter

August 6, 2012 at 12:08 pm

Posted in ASP.NET, Encryption, Security, Tips and Tricks, Windows 7