Object already exists in RSACryptoServiceProvider

I copied the source code from one application to another, both on the same computer. I also use the same string for containerName below in both applications.

What prevents my new application from reading a key that was saved in another application? All other things are equal, are registered in the user account, etc.

    CspParameters cspParams = new CspParameters();
    cspParams.KeyContainerName = containerName;
    cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
    // Get error "object already exists" below.
    RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams);
+8
c# cryptography encryption rsacryptoserviceprovider
4 answers

Have you tried granting permissions to Everyone, for example on the files in "Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys", as described here:

http://social.msdn.microsoft.com/Forums/en/netfxbcl/thread/f7b9f928-a794-47f2-a5bd-9f64ca375040

+7

Another solution is to grant access to everyone in code:

    CspParameters cspParams;
    cspParams = new CspParameters(PROVIDER_RSA_FULL);
    cspParams.KeyContainerName = CONTAINER_NAME;
    cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
    cspParams.ProviderName = "Microsoft Strong Cryptographic Provider";
    // Access rule granting FullControl on the key container to "everyone".
    CryptoKeyAccessRule rule = new CryptoKeyAccessRule("everyone", CryptoKeyRights.FullControl, AccessControlType.Allow);
    // Attach the rule to the parameters used to open or create the container.
    cspParams.CryptoKeySecurity = new CryptoKeySecurity();
    cspParams.CryptoKeySecurity.SetAccessRule(rule);
+6

I ran into this problem because my WCF service did not have permission to access the keystore. I got past this problem by following the instructions for giving the ASPNET user access, which I found here: http://msdn.microsoft.com/en-us/library/2w117ede.aspx#Y898

+2

I recently ran into this problem with multiple deployed IIS sites on the same server (Windows 2008 R2). In our environment, each site runs in a different application pool, but in some cases the same identity may be assigned to these pools.

Our application creates a key if it does not exist, and puts it in a container with a name based on the current identity. The first deployed site always worked, but if we deployed another site to a different application pool with the same identity, the second one failed.

It turns out that when the key is stored, Windows gives full access to the user "IIS APPPOOL\AppPoolName", and not to the identity that we assigned to the pool.

So, our solution was to give the container explicit permissions for the current identity (this is similar to @Webmixer's answer; the only difference is in the CryptoKeyAccessRule):

    CspParameters cspParams;
    cspParams = new CspParameters(PROVIDER_RSA_FULL);
    cspParams.KeyContainerName = CONTAINER_NAME;
    cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
    cspParams.ProviderName = "Microsoft Strong Cryptographic Provider";
    // CryptoKeyAccessRule takes an IdentityReference or an account name string,
    // so pass the current identity's SID (.User) rather than the WindowsIdentity object.
    CryptoKeyAccessRule rule = new CryptoKeyAccessRule(System.Security.Principal.WindowsIdentity.GetCurrent().User, CryptoKeyRights.FullControl, AccessControlType.Allow);
    cspParams.CryptoKeySecurity = new CryptoKeySecurity();
    cspParams.CryptoKeySecurity.SetAccessRule(rule);
0
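
An added example (not code from any of the answers above), for .NET Framework on Windows: it opens or creates the machine key container with an ACL that names only the current identity and local Administrators, instead of Everyone, and then lists any Allow entries held by broad groups. The container name and the choice of Administrators as a second grantee are assumptions, and it has to run as an identity that can already open or create the container.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Principal;

static class MachineKeyContainer
{
    const int ProvRsaFull = 1;                           // PROV_RSA_FULL provider type
    const string ContainerName = "ExampleAppContainer";  // hypothetical container name

    // Opens the container (creating it if missing) with explicit, narrow grants.
    static RSACryptoServiceProvider OpenOrCreate()
    {
        var acl = new CryptoKeySecurity();
        acl.AddAccessRule(new CryptoKeyAccessRule(WindowsIdentity.GetCurrent().User,
            CryptoKeyRights.FullControl, AccessControlType.Allow));
        acl.AddAccessRule(new CryptoKeyAccessRule(
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
            CryptoKeyRights.FullControl, AccessControlType.Allow));
        var csp = new CspParameters(ProvRsaFull)
        {
            KeyContainerName = ContainerName,
            Flags = CspProviderFlags.UseMachineKeyStore,
            CryptoKeySecurity = acl
        };
        return new RSACryptoServiceProvider(csp);
    }

    // Returns Allow entries on the container held by Everyone, Authenticated Users or Users.
    static List<string> FindBroadGrants(RSACryptoServiceProvider rsa)
    {
        var broad = new[] { WellKnownSidType.WorldSid,
            WellKnownSidType.AuthenticatedUserSid, WellKnownSidType.BuiltinUsersSid };
        var findings = new List<string>();
        CryptoKeySecurity acl = rsa.CspKeyContainerInfo.CryptoKeySecurity;
        foreach (CryptoKeyAccessRule rule in acl.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            var sid = (SecurityIdentifier)rule.IdentityReference;
            if (rule.AccessControlType == AccessControlType.Allow && Array.Exists(broad, sid.IsWellKnown))
                findings.Add(sid.Value + " -> " + rule.CryptoKeyRights);
        }
        return findings;
    }

    static void Main()
    {
        using (RSACryptoServiceProvider rsa = OpenOrCreate())
            foreach (string f in FindBroadGrants(rsa))
                Console.WriteLine("Broad grant on key container: " + f);
    }
}
```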

Source: https://habr.com/ru/post/651356/

