RSACryptoServiceProvider DCOM access problem?

mYsZa

Hi all!
I've got really strange (for me) problem:
I've got an application, that at startup decrypts some data. Everything
works fine - the rijndael key is decrypted using the
RSAPKCS1KeyExchangeDeformatter, and the deformatter is created basing on the
RSACryptoServiceProvider and on the RSA key pair stored in the machine key
store. But there is a problem - the application is a COM server, and when I
set it up using DCOMCNFG to be run by a particular user created at
installation, the rijndael key cannot be decrypted - the message is "bad
key". This happens only on the NT machine, W2k works fine... Any
suggestions?
I don't think this is a problem of permissions - the user that runs the
application is in the administrators group.
Maybe it is a problem, that the decryption is done using a COM object
written using C# (with ComVisible=true attribute) and called as a COM
library? Don't know why.
Here is the code:

CspParameters cspParams = new CspParameters(1);
cspParams.KeyContainerName = "mycontainername";
cspParams.KeyNumber = 1;
cspParams.ProviderName = "Microsoft Base Cryptographic Provider v1.0";
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
RSACryptoServiceProvider clientRSA;
try
{
clientRSA = new RSACryptoServiceProvider( cspParams );
clientRSA.PersistKeyInCsp = true;
}
catch( Exception ex )
{
System.Diagnostics.Debug.WriteLine( ex.Message );
return null;
}

RSAPKCS1KeyExchangeDeformatter pRSADef = new
RSAPKCS1KeyExchangeDeformatter( clientRSA );
RijndaelManaged rijndael = new RijndaelManaged();
try
{
rijndael.Key = pRSADef.DecryptKeyExchange( m_byteEncryptedRijndaelKey );
}
catch( Exception ex )
{
//here is the error!
System.Diagnostics.Debug.WriteLine( ex.Message );
return null;
}

I think the problem is with retrieving the key from the machine key store -
some debug logs i've made showed that the RSACryptoServiceProvider is not
initialized properly, but no exception is thrown then. As I mentioned - the
problem occurs only when the running user is different that the logged user
and only on the NT machine.

If you could give me any help...
TIA

--
mYsZa

Jul 21 '05 #1

Subscribe Post Reply

2734

Valery Pryamikov

Hi,
If I remember it correctly - on windows prior to W2K, RSA key containers
were stored in HKEY_USER part of registry, but on W2K and later they are
stored in File System %Documents and Settings%\%UserName%\Application
Data\Microsoft\Crypto\RSA\%SID%\. DCOM uses logon as batch job type logon
which doesn't load registry hive - therefore you don't have access to
HKEY_USER registry part and key containers stored there on NT, but keys
stored in file system is readily available for you on W2K and later.

-Valery.

http://www.harper.no/valery

"mYsZa" <el*************@NIEPOTRZEBNEwp.pl> wrote in message
news:c5*********@atlantis.news.tpi.pl...

Hi all!
I've got really strange (for me) problem:
I've got an application, that at startup decrypts some data. Everything
works fine - the rijndael key is decrypted using the
RSAPKCS1KeyExchangeDeformatter, and the deformatter is created basing on
the
RSACryptoServiceProvider and on the RSA key pair stored in the machine key
store. But there is a problem - the application is a COM server, and when
I
set it up using DCOMCNFG to be run by a particular user created at
installation, the rijndael key cannot be decrypted - the message is "bad
key". This happens only on the NT machine, W2k works fine... Any
suggestions?
I don't think this is a problem of permissions - the user that runs the
application is in the administrators group.
Maybe it is a problem, that the decryption is done using a COM object
written using C# (with ComVisible=true attribute) and called as a COM
library? Don't know why.
Here is the code:

CspParameters cspParams = new CspParameters(1);
cspParams.KeyContainerName = "mycontainername";
cspParams.KeyNumber = 1;
cspParams.ProviderName = "Microsoft Base Cryptographic Provider v1.0";
cspParams.Flags = CspProviderFlags.UseMachineKeyStore;
RSACryptoServiceProvider clientRSA;
try
{
clientRSA = new RSACryptoServiceProvider( cspParams );
clientRSA.PersistKeyInCsp = true;
}
catch( Exception ex )
{
System.Diagnostics.Debug.WriteLine( ex.Message );
return null;
}

RSAPKCS1KeyExchangeDeformatter pRSADef = new
RSAPKCS1KeyExchangeDeformatter( clientRSA );
RijndaelManaged rijndael = new RijndaelManaged();
try
{
rijndael.Key = pRSADef.DecryptKeyExchange( m_byteEncryptedRijndaelKey );
}
catch( Exception ex )
{
//here is the error!
System.Diagnostics.Debug.WriteLine( ex.Message );
return null;
}

I think the problem is with retrieving the key from the machine key
store -
some debug logs i've made showed that the RSACryptoServiceProvider is not
initialized properly, but no exception is thrown then. As I mentioned -
the
problem occurs only when the running user is different that the logged
user
and only on the NT machine.

If you could give me any help...
TIA

--
mYsZa

Jul 21 '05 #2

by: Achim Domma (Procoders) | last post by:

Hi, I have a problem with a DCOM server written in python. Here is my minimal test object: class TestObject: _reg_clsid_ = "{ECDBB3BC-F0BF-4eef-87C0-D179A928DAB5}" _reg_progid_ =...