How should I secure the Private Key when using Asymmetric RSA encryption?
https://stackoverflow.com/questions/13157850
-
23-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am using the RSACryptoServiceProvider and C#. I have a web server (A) that will be encrypting data and storing it in a database. I have another server (B) that will be reading the encrypted data and decrypting it. The private key will only ever live on server B.
I would like to limit private key access to my application and a very short list of domain users.
What is the best way to store the key so that it is safe from compromise by an unauthorized person?
Solution
You can use Windows RSA Key containers to store the key. The key can be installed / created by the aspnet_regiis.exe tool that ships with the .NET framework.
Here is a walkthrough.
The two options to look out for are:
-pi (installs a key to the RSA container)
-pa (managements permissions for the key)
