Error exporting RSA key container via aspnet_regiis

[dpomt]

Hello,

I have an issue exporting a RSA key container via aspnet_regiis.
I am using
aspnet_regiis -px "HoKeyCont7" HoKeyCont7.xml -pri
and I get the following (german) error message:
Exporting RSA Keys to file...
Schlüssel ist im angegebenen Status nicht gültig.
(translation might be: key invalid in specified status)

If I ommit the "-pri" option, the export succeeds without errors. However, I
need the "-pri" option to use the RSA key to decrypt the encrypted stuff on
a webserver.


Background information:
I have added a configProtectedData section to my web.config
<configProtectedData>
<providers>
<add name="MyProtectedDataProviderName2"
type="System.Configuration.RsaProtectedConfigurationProvider,
System.Configuration, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"
keyContainerName="HoKeyCont7"
useMachineContainer="true" />
</providers>
</configProtectedData>

and I am encrypting the wanted section programmatically:
Configuration config = WebConfigurationManager.OpenMappedWebConfiguration
(webConfigurationFileMap, "/");
ConfigurationSection cs = config.GetSection(strSection);
cs.SectionInformation.ProtectSection(m_strProtectedDataProviderName);
config.Save();

Encryption (as well as decryption) on my local dev machine work both well.


What I need is to export the RSA key with the -pri option.

Any suggestions?

 

[Steven Cheng[MSFT]]

Hello dpomt,

As for the aspnet_regiis.exe tool, it can help generate and export some
machine stored RSA key. And you're right that in order to export the full
public/private key pairs, we need to use -px with -pri options.

As for the exporting error you encountered, regardless of the environment
or framework installing problem, I'm wondering how did you originally
create this RSA key. When creating the RSA key, we need to specify the
"-exp" option so as to make it exportable, have you done this when creating
your RSA key?

Here is a msdn article which has demonstrated how to create and export such
a RSA key for encrypting .net 2.0 applciation's configuration file.


#How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA
http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000006.asp?frame=tr
ue


If you've already followed the correct steps from creating key to exporting
key, I would suggest you duplicate the same steps on some other machine
with .net framework 2.0 installed. If other machine works well, this should
be an machine specific issue.

Hope this helps. Please feel free to let me know if you have any new
finding.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

 

[dpomt]

Hello Steven,

thanks for your quick reply!

I have had read the article you mentioned before - but I have re-read it.
And I just noticed that I have forgot to explicitly create the RSA Key using
aspnet_regiis -pc "MyKeyName" -exp

Now, everythings works fine.

Thanks and best regards,
Dieter

 

[Steven Cheng[MSFT]]

Hi Dieter,

Glad that you've got it working.

Have a good day!

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.