2

I want to protect my RSA private key with a password (who wouldn't) but the following C# fails: 

SecureString pw = new SecureString(); pw.AppendChar('x'); CspParameters prms = new CspParameters(); prms.KeyPassword = pw; RSACryptoServiceProvider crypto = new RSACryptoServiceProvider(prms); byte[] encrypted = crypto.Encrypt(Encoding.ASCII.GetBytes("encryptme"), true);

...with the CryptographicException: "Invalid type specified". If I take the KeyPassword assignment out it works fine.

What am I, or Microsoft, doing wrong?

Improve this question

1 Answer 1

Reset to default
1

Setting CspParameters.KeyPassword is equivalent to calling CryptSetProvParam with PP_KEYEXCHANGE_PIN (or PP_SIGNATURE_PIN). This flag is not supported by the default Microsoft crypto-service-provider (it is intended for use with smartcard-based CSPs).

You might want to try setting 

prms.Flags = CspProviderFlags.UseUserProtectedKey;

or alternatively generating a non-persistent key-pair, exporting it and encrypting it with a key derived from a password yourself.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.