I am using RSACryptoServiceProvider to generate a public/private key pair and using a cspParameters object to store it in a key container.

My problem is that after I store the private key in a key container, can another application access the key container and retrieve the private key I generated?

If yes, the security of the key is compromised, isn't it?

How do I avoid this? Should I encrypt the generated private key with a symmetric encryption algorithm?

Ranhiru Jude Cooray

1 Answer

Without using a Hardware Security Module, your only protection is to set the CspParameters.Flags field:

CspParameters.Flags = CspProviderFlags.UseNonExportableKey | CspProviderFlags.UseUserProtectedKey;

The first flag prevents software from "honestly" exporting the private key. The second requires user interaction with the GUI to perform any private key operations.

President James K. Polk
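The following is an added example, not code from the question or the answer: it creates a key in a named container with UseNonExportableKey and checks that the private key can still sign while ExportParameters(true) is refused. It assumes Windows and a hypothetical container name; UseUserProtectedKey is left out so the program runs without a GUI prompt.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class NonExportableKeyDemo
{
    // Hypothetical container name, used only for this example.
    const string ContainerName = "ExampleNonExportableContainer";

    static void Main()
    {
        // Provider type 24 is PROV_RSA_AES, which supports SHA-256 signatures.
        var csp = new CspParameters(24)
        {
            KeyContainerName = ContainerName,
            // OR in CspProviderFlags.UseUserProtectedKey to also require a
            // GUI confirmation for every private key operation.
            Flags = CspProviderFlags.UseNonExportableKey
        };

        using (var rsa = new RSACryptoServiceProvider(2048, csp))
        {
            Console.WriteLine("Exportable: " + rsa.CspKeyContainerInfo.Exportable);

            // Private key operations still work through the provider.
            byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
            byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            bool ok = rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("Signature verifies: " + ok);

            // The public half can always be exported.
            RSAParameters pub = rsa.ExportParameters(false);
            Console.WriteLine("Modulus bytes: " + pub.Modulus.Length);

            // Exporting the private half is refused by the provider.
            try
            {
                rsa.ExportParameters(true);
                Console.WriteLine("Private key exported (flag not honoured)");
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine("Private export refused: " + ex.Message);
            }

            // Clean up: delete the example container when the object is disposed.
            rsa.PersistKeyInCsp = false;
        }
    }
}
```

The refusal applies to the export API only, which is the "honest" path the answer refers to; the key material still resides in the software key store on the machine.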