I ran across a problem this week where I needed to get the filename where an RSA encryption key was stored. These files are stored (for machine-scope keys) in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, and have a filename that looks like a hash value followed by a SID. This is easy to find if you have access to the key:
var csp = new CspParameters { Flags = CspProviderFlags.NoPrompt | CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey, KeyContainerName = "dev.dev.domo.com" }; var crypto = new RSACryptoServiceProvider(csp); Console.WriteLine(csp.KeyContainerName); Console.WriteLine(crypto.CspKeyContainerInfo.UniqueKeyContainerName);
But in my case I didn’t have access to the keyfile, as it had been created by another user and ACLed. The algorithm for deriving these filenames is not too difficult… It turns out you can take the container name, convert it to lowercase, add an extra null byte, compute the MD5 hash, and then convert the MD5 hash to a string in DWORD-sized chunks. Then you append the machine guid, which can be found in the registry.
public static class RsaCryptoServiceProviderExtensions { public static string GetUniqueKeyContainerName(string containerName) { using (var rk = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Cryptography")) { if (rk == null) { throw new Exception("Unable to open registry key"); } var machineGuid = (string)rk.GetValue("MachineGuid"); using (var md5 = MD5.Create()) { var containerNameArray = Encoding.ASCII.GetBytes(containerName.ToLower()); var originalLength = containerNameArray.Length; Array.Resize(ref containerNameArray, originalLength + 1); var hash = md5.ComputeHash(containerNameArray); var stringBuilder = new StringBuilder(32); var binaryReader = new BinaryReader(new MemoryStream(hash)); for (var i = 1; i <= 4; i++) { stringBuilder.Append(binaryReader.ReadInt32().ToString("x8")); } stringBuilder.Append("_" + machineGuid); return stringBuilder.ToString(); } } } }