Can another application access the private key stored in the key container using RSACryptoServiceProvider?

I use RSACryptoServiceProvider to create a public/private key pair and use a cspParameters object to store it in a key container.

My problem is that after I save the private key in the key container, can another application access the key container and get the secret key I generated?

If so, the security of the key is compromised, right?

How can I avoid this? Should I encrypt the generated private key using a symmetric encryption algorithm?

+3
1 answer

Without using a hardware security module, your only protection is to set the CspParameters.Flags field:

// Flags is an instance property, so set it on the CspParameters object used to create the key
cspParameters.Flags = CspProviderFlags.UseNonExportableKey | CspProviderFlags.UseUserProtectedKey;

The first flag prevents the software from “honestly” exporting the private key. The second requires user interaction with the graphical interface to perform any operations with the private key.

+3

Source: https://habr.com/ru/post/1756240/

