
I'm playing with CngKey and the storage. I would like to store the key, and later retrieve it for encryption.
I am using CngKey.Create and I see that it is persisted in the file system. To test access to it, immediately after the Create command I get false for CngKey.Exists using Visual Studio's 'watch' window.
This happens for both RSA, using Microsoft's built-in enum, and AES, using the "AES" string.

My code for AES:

CngKeyCreationParameters keyParams = new CngKeyCreationParameters
{
    ExportPolicy = CngExportPolicies.AllowExport,
    KeyCreationOptions = CngKeyCreationOptions.MachineKey | CngKeyCreationOptions.OverwriteExistingKey,
    Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
    //KeyUsage = CngKeyUsages.Decryption
};
CngAlgorithm aesAlgorithm = new CngAlgorithm("AES");
CngKey.Create(aesAlgorithm, "mykeyAES", keyParams);

My code for RSA:

CngKeyCreationParameters keyParams = new CngKeyCreationParameters
{
    ExportPolicy = CngExportPolicies.AllowExport,
    KeyCreationOptions = CngKeyCreationOptions.MachineKey | CngKeyCreationOptions.OverwriteExistingKey,
    Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider,
    //KeyUsage = CngKeyUsages.Decryption
};
if (!CngKey.Exists(keyName, CngProvider.MicrosoftSoftwareKeyStorageProvider))
{
    CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, keyParams);
}

The only relevant information I get from searching the web is the same questions on SO, which don't help me much with my specific case. Appreciate any help!

Edit:

According to @Martheen's reply, Open has changed to:

CngKey key = CngKey.Open(keyName, CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.MachineKey);

I'm getting true on CngKey.Exists but get an exception 'keypair does not exist'.

Moutabreath

1 Answer


If you create the key as machine-wide, you'd have to specify that too when accessing it:

CngKey.Exists("mykeyAES", CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.MachineKey);

and

CngKey.Open("mykeyRSA", CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.MachineKey);
Martheen
  • Thanks @Martheen. I don't understand how the way I use the Open method is connected to the CngKey.Exists method. In any case, I tried your solution and I get 'true' on the CngKey.Exists method. Now I simply get an exception when trying to Open, with the exception: 'keypair does not exist'. – Moutabreath Apr 06 '20 at 06:35
  • I'm pointing out that if you create them with the MachineKey option, you'd also have to use it on Exists and Open. If your Exists now returns true, it means your Open still lacks the MachineKey option – Martheen Apr 06 '20 at 06:39
  • That point is understood. Yesterday, I got 'false' on CngKey.Exists. Now I'm getting true, and when opening it like you suggested, it gives me that error. – Moutabreath Apr 06 '20 at 06:58
  • Update your question with the complete code where you create and open the key. – Martheen Apr 06 '20 at 07:07
  • I took over someone else's code base, this issue was a bit haunting to solve. I moved on while I worked on other code. Then finally went to work on shared key/multiple application decryption. Kept getting 'Invalid parameter' error on decryption even though it was supposed to be using the same keys! Different apps on the same machine. I was missing the Exists and the Open extra parameters. Cheers! – HouseCat Jan 20 '22 at 23:32
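A complete round trip of the point made in the answer, as an added example that is not code from the question or the answer: it creates a machine-wide persisted RSA key in the Microsoft Software KSP, shows that Exists only finds it when CngKeyOpenOptions.MachineKey is passed, opens it with the same option, uses it, and deletes it. The key name is a constructed placeholder; the program assumes Windows and a user with write access to the machine key store.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: persisted machine-scope CNG key, looked up and opened with matching options.
static class CngMachineKeyDemo
{
    // Constructed placeholder name, not a key name from the original post.
    const string KeyName = "demo-machine-rsa";
    static readonly CngProvider Ksp = CngProvider.MicrosoftSoftwareKeyStorageProvider;

    static void Main()
    {
        var keyParams = new CngKeyCreationParameters
        {
            // Non-exportable by default; only allow export when the design really needs it.
            ExportPolicy = CngExportPolicies.None,
            KeyCreationOptions = CngKeyCreationOptions.MachineKey | CngKeyCreationOptions.OverwriteExistingKey,
            Provider = Ksp,
            KeyUsage = CngKeyUsages.Signing,
        };
        // NCRYPT_LENGTH_PROPERTY: request a 2048-bit RSA key.
        keyParams.Parameters.Add(new CngProperty("Length", BitConverter.GetBytes(2048), CngPropertyOptions.None));

        using (CngKey created = CngKey.Create(CngAlgorithm.Rsa, KeyName, keyParams))
        {
            Console.WriteLine($"Created {created.KeyName}, IsMachineKey = {created.IsMachineKey}");
        }

        // The default (UserKey) lookup searches the per-user store and misses a machine key;
        // the same name with MachineKey finds it. This is the mismatch behind the original question.
        bool inUserStore = CngKey.Exists(KeyName, Ksp, CngKeyOpenOptions.UserKey);
        bool inMachineStore = CngKey.Exists(KeyName, Ksp, CngKeyOpenOptions.MachineKey);
        Console.WriteLine($"Exists(user store) = {inUserStore}, Exists(machine store) = {inMachineStore}");

        // Open must use the same scope as Create; the opened key then backs an RSACng instance.
        using (CngKey opened = CngKey.Open(KeyName, Ksp, CngKeyOpenOptions.MachineKey))
        using (var rsa = new RSACng(opened))
        {
            byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
            byte[] sig = rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            bool ok = rsa.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine($"Signature verifies = {ok}");
        }

        // Remove the demo key so it does not linger in the machine store (Delete also disposes the handle).
        CngKey.Open(KeyName, Ksp, CngKeyOpenOptions.MachineKey).Delete();
    }
}
```

Expected on a working system: the user-store lookup reports false and the machine-store lookup true, which is exactly the difference between the two Exists calls in the question and the answer.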