Key container listing?


Kevin Burton

I would like to give a strong name to assemblies that I
ship but I would also like to keep the public/private key
pair secure. Eventually I think they will be stored on a
smart card but for now I am putting the public/private
key pair in a key container. Is there a way to list the
containers that are available? Can I extract the contents
of a container and recreate a file if I need to? I start
out by using sn -k then I put the file into a key
container. I would like to see the file in the container
and verify that I can recreate what was originally
created with sn -k.

Thank you for your suggestions.

Kevin
 
Hi Kevin,
Here are 2 tools which facilitate viewing and identification of all key containers:
http://pages.istar.ca/~neutron/feature/KeyPal (.NET 1.1)

http://pages.istar.ca/~neutron/KeyContainerTool (requires IE5+ and CAPICOM 2)
(all keycontainers not associated with any certificate are listed at tail-end of page)

Note that when you import a .NET snk file (which is actually an unencrypted
CryptoAPI PUBLICKEYBLOB) into a keycontainer using sn.exe -i ...., it is
automatically marked as NOT exportable, and you don't get the option to add an extra
level of password protection. This means that you won't be able to export the
private key for use anywhere else, and any process running as you will automatically
have access to your imported private key in that container!
However, the following code snippet shows how to import an snk
file, marking the key as exportable and also offering the dialog for extra password protection:
http://pages.istar.ca/~neutron/feature/ImportSNK.txt
You can then export the public/private keypair (e.g. using CryptoAPI CryptExportKey).
The KeyPal tool above allows exporting any keycontainer keypair, using CryptExportKey,
which is marked as exportable.

Happy Holidays to all here. Have a safe and happy holiday.

- Mitch Gallant
MVP Security
http://pages.istar.ca/~neutron
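
Added example, not part of the original posts and not code from the linked tools: a small parser for the unencrypted CryptoAPI RSA key blob layout discussed above. It reports from the header whether a file carries private key material and checks that the length matches the declared key size, which is a quick way to compare an `sn -k` file with a blob later exported via CryptExportKey. The function names and the zero-filled sample are constructed for illustration.

```python
import struct

# Values from wincrypt.h.
PUBLICKEYBLOB, PRIVATEKEYBLOB = 0x06, 0x07
ALGS = {0x2400: "CALG_RSA_SIGN", 0xA400: "CALG_RSA_KEYX"}
MAGIC = {PUBLICKEYBLOB: b"RSA1", PRIVATEKEYBLOB: b"RSA2"}
HEADER = struct.Struct("<BBHI4sII")  # BLOBHEADER (8 bytes) + RSAPUBKEY (12 bytes)


def body_len(btype, bits):
    # Public: modulus. Private: modulus, five half-size CRT values, private exponent.
    return bits // 8 if btype == PUBLICKEYBLOB else 2 * (bits // 8) + 5 * (bits // 16)


def describe_key_blob(data):
    """Parse the header of a plaintext CryptoAPI RSA key blob and check its length."""
    if len(data) < HEADER.size:
        raise ValueError("too short to be a CryptoAPI key blob")
    btype, version, _reserved, alg, magic, bits, pubexp = HEADER.unpack_from(data)
    if MAGIC.get(btype) != magic:
        raise ValueError("blob type and RSA magic are missing or do not agree")
    if bits == 0 or bits % 16:
        raise ValueError("implausible modulus length")
    if len(data) != HEADER.size + body_len(btype, bits):
        raise ValueError(f"length {len(data)} does not match a {bits}-bit blob")
    return {
        "type": "PRIVATEKEYBLOB" if btype == PRIVATEKEYBLOB else "PUBLICKEYBLOB",
        "version": version,
        "algorithm": ALGS.get(alg, hex(alg)),
        "bits": bits,
        "public_exponent": pubexp,
        "has_private_key": btype == PRIVATEKEYBLOB,
    }


def constructed_blob(btype, bits=1024):
    """Constructed sample: valid header, zero-filled key material (not a real key)."""
    head = HEADER.pack(btype, 2, 0, 0x2400, MAGIC[btype], bits, 65537)
    return head + bytes(body_len(btype, bits))


if __name__ == "__main__":
    import sys
    # Pass a key file path as the first argument, or run on the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_blob(PRIVATEKEYBLOB)
    print(describe_key_blob(data))
```

A file for which `has_private_key` is true holds the full key pair in the clear, so it should be deleted or locked down once the pair is in a container.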
 
Thank you for the tip.

This seems to be a good tool but the listing is all
GUIDs. I don't know how to map the GUIDs that are
displayed to a name that I can understand.

Kevin
 