How to set the key size of an RSA key created using aspnet_regiis?

Question

How to set the key size of an RSA key created using aspnet_regiis?

I created the RSA client key container (to encrypt the connection string in web.config) using the following command:

aspnet_regiis -pc "TestKeys" -size 2048 -exp

Then I exported the key to the xml file and used it to initialize the RSACryptoServiceProvider instance, so that I could check the key size, definitely 2048. However, using the code below, the key size is displayed as 1024.

using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider()) { using (FileStream fs = new FileStream(@"C:\TestKeys.xml", FileMode.Open)) { using (StreamReader sr = new StreamReader(fs)) { rsa.FromXmlString(sr.ReadToEnd()); } } Console.WriteLine(rsa.KeySize.ToString()); }

Aspnet_regiis seems to be ignoring the -size argument. Did I miss something?

Also, is there a recommended key size for encrypting .Net configuration sections using RSA?

+2

.net rsa config aspnet-regiis.exe

Matt f Mar 12 '11 at 11:02

source share

1 answer

Matt f · Accepted Answer · 2011-03-16T15:17:41+0000

I ended up using the RSACryptoServiceProvider class to create a key container, as it creates keys with the specified size.

 CspParameters cp = new CspParameters(); cp.KeyContainerName = keyContainerName; cp.Flags = CspProviderFlags.UseMachineKeyStore; cp.KeyNumber = 1; using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(keySize, cp)) { using (FileStream fs = new FileStream(fileName, FileMode.Create)) { using (StreamWriter sw = new StreamWriter(fs)) { sw.WriteLine(rsa.ToXmlString(true)); } } }

NIST accepts a key size of 3072 bits for security greater than 2030.

Key management recommendations - see table 4.

How to set the key size of an RSA key created using aspnet_regiis?

More articles: