How to check if RSA key container exists in .NET

Question

We have

    Dim cp As New CspParameters()
    cp.KeyContainerName = ContainerName
    cp.Flags = CspProviderFlags.UseMachineKeyStore

How do I make sure that new key is not created if the key with ContainerName does not exist?

hdev · Answer 1 · 2013-09-12T13:38:00.013

9

Try this:

    public static bool DoesKeyExists(string containerName)
    {
        var cspParams = new CspParameters
        {
            Flags = CspProviderFlags.UseExistingKey,
            KeyContainerName = containerName
        };

        try
        {
            var provider = new RSACryptoServiceProvider(cspParams);
        }
        catch (Exception e)
        {
            return false;
        }
        return true;
    }

edited Sep 12 '13 at 13:38

answered Sep 12 '13 at 12:57

hdev

6,097
1
45
62

This isn't great as it assumes that a general exception means that it doesn't exist which isn't good practice. However, from what I've been able to find, this seems like the only way. – Jake Nov 02 '18 at 13:41
1

Switch flag to `Flags = CspProviderFlags.UseExistingKey | CspProviderFlags.UseMachineKeyStore` work for me. – Kerwen Dec 27 '19 at 05:37

Jamey · Answer 2 · 2020-07-30T19:00:47.927

Here's a powershell script we use to test for a given container name:

# Test if an rsa key container exists on this system.
function Test-RsaKeyContainerName(
    [Parameter(Mandatory=$true)][string] $ContainerName,
    [Parameter(Mandatory=$false)][switch] $UserContainer = $false
) {
    $csp = New-Object -TypeName "System.Security.Cryptography.CspParameters";
    $csp.KeyContainerName = $ContainerName;
    if (!($UserContainer)) {
        $csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore;
    }
    $csp.Flags = $csp.Flags -bor [System.Security.Cryptography.CspProviderFlags]::UseExistingKey;
    try {
        $rsa = New-Object -TypeName "System.Security.Cryptography.RSACryptoServiceProvider" -ArgumentList ($csp);
    } catch [System.Management.Automation.MethodInvocationException] {
        if ($error[0].Exception.InnerException -ne $null -and
            $error[0].Exception.InnerException.GetType() -eq [System.Security.Cryptography.CryptographicException] -and
            $error[0].Exception.InnerException.Message.StartsWith("Keyset does not exist")) {           
            return $false;
        } else {
            throw;
        }       
    }
    return $true;
}

If you actually need to enumerate the keys installed on the system, you can borrow the code from KeyPal at http://www.jensign.com/dotnet/keypal/source/KeyPal.txt

since the jensign pages are gone, can you update with a repo link perhaps? — Tetsujin no Oni, Mar 05 '18 at 00:47

score 1 · Answer 3 · answered Jul 14 '11 at 16:52

1

You can use

.PersistKeyInCsp = false

on your crypto provider which will ensure that the key doesn't get left over in the container. Is this what you mean?

answered Jul 14 '11 at 16:52

Wolfwyrd

15,716
5
47
67

Not a good idea, if the key existed before the process began it would be deleted. – Richard Petheram Oct 29 '14 at 12:53

How to check if RSA key container exists in .NET

3 Answers3