How to set read permission on the private key file of X.509 certificate from .NET

by

This answer is late but I wanted to post it for anybody else that comes searching in here:

I found an MSDN blog article that gave a solution using CryptoKeySecurity here, and here is an example of a solution in C#:

var rsa = certificate.PrivateKey as RSACryptoServiceProvider;
if (rsa != null)
{
    // Modifying the CryptoKeySecurity of a new CspParameters and then instantiating
    // a new RSACryptoServiceProvider seems to be the trick to persist the access rule.
    // cf. http://blogs.msdn.com/b/cagatay/archive/2009/02/08/removing-acls-from-csp-key-containers.aspx
    var cspParams = new CspParameters(rsa.CspKeyContainerInfo.ProviderType, rsa.CspKeyContainerInfo.ProviderName, rsa.CspKeyContainerInfo.KeyContainerName)
    {
        Flags = CspProviderFlags.UseExistingKey | CspProviderFlags.UseMachineKeyStore,
        CryptoKeySecurity = rsa.CspKeyContainerInfo.CryptoKeySecurity
    };

    cspParams.CryptoKeySecurity.AddAccessRule(new CryptoKeyAccessRule(sid, CryptoKeyRights.GenericRead, AccessControlType.Allow));

    using (var rsa2 = new RSACryptoServiceProvider(cspParams))
    {
        // Only created to persist the rule change in the CryptoKeySecurity
    }
}

I’m using a SecurityIdentifier to identify the account but an NTAccount would work just as well.

More Related Contents:

  1. Could not establish trust relationship for SSL/TLS secure channel — SOAP
  2. Which TLS version was negotiated?
  3. How can I send emails through SSL SMTP with the .NET Framework?
  4. Using a self-signed certificate with .NET’s HttpWebRequest/Response
  5. bypass invalid SSL certificate in .net core
  6. C# Ignore certificate errors?
  7. Generate a self-signed certificate on the fly
  8. Associate a private key with the X509Certificate2 class in .net
  9. Enable SSL in Visual Studio
  10. Check ssl protocol, cipher & other properties in an asp.net mvc 4 application
  11. Is it safe to test the X509Certificate.Thumbprint property when you know an invalid certificate is safe?
  12. Can I reuse HttpWebRequest without disconnecting from the server?
  13. Is TLS 1.1 and TLS 1.2 enabled by default for .NET 4.5 and .NET 4.5.1?
  14. Using SSL and SslStream for peer to peer authentication?
  15. System.ServiceModel not found in .NET Core project
  16. Finding element in XDocument?
  17. Using XmlSerializer with an array in the root element
  18. Why does the default string comparer fail to maintain transitive consistency?
  19. Why does Process.Start(“cmd.exe”, process); not work?
  20. Regular expression to validate valid time
  21. How does a generic constraint prevent boxing of a value type with an implicitly implemented interface?
  22. Can I send webrequest from specified ip address with .NET Framework?
  23. How can I split (copy) a Stream in .NET?
  24. Client configuration to consume WCF JSON web service
  25. VS2005 C# Programmatically change connection string contained in app.config
  26. How to edit a WritableBitmap.BackBuffer in non UI thread?
  27. To run cmd as administrator along with command?
  28. How to reorder columns in gridview dynamically
  29. Where is the .NET JIT-compiled code cached?
  30. How to round a integer to the close hundred?

Leave a Comment