1

SetProperty on CngKey while giving access on machineKey always updates the CngKey. Is this correct behaviour?

I am setting permissions ACL on the CngKey. When permissions are set on the key using SetProperty, it gets updated every time i apply the same permissions.(I should update ideally for different rules/permissions) This is not the behaviour with RSACryptoServiceProvider or CAPI. it doesn't get updated for same rules being applied, but updates when we apply different rules.

Is this correct behaviour?

CngProperty permissions = new CngProperty(
    NCRYPT_SECURITY_DESCR_PROPERTY,
    sec.GetSecurityDescriptorBinaryForm(),
    CngPropertyOptions.Persist | DACL_SECURITY_INFORMATION);

cngKey.SetProperty(permissions);

Expected -> CngKey shouldn't be updated (CngKey has a timestamp that gets updated that means key gets updated) for same permissions being applied, but should update on different permissions.

Actual:-> CngKey updates every time when SetProperty gets called.

bartonjs
  • 30,352
  • 2
  • 71
  • 111
sagar yadwad
  • 133
  • 1
  • 3
  • 11
  • What timestamp are you reading? – bartonjs Jul 19 '19 at 14:42
  • The system timestamp..the cngKey gets updates after every setProperty ..system file in crypto/keys. The same behaviour isn't observed with rsaCryptoService provider system key which is in crypto/rsa/ machineKeys. The timestamp as in system time doesn't get updated for CAPI. – sagar yadwad Jul 21 '19 at 13:30

0 Answers0