Urgh... so it's 10:30pm over here, I've been at work for 13 hours and 30 minutes, and I still don't know what's going wrong.
Okay, so I have a private RSA key that's a known value, and I'm storing it using the DPAPI. It's a 1024-bit key.
Note that the following involves an ASP.NET web service application.
I have a test machine, and on the machine I am able to decrypt the key from the DPAPI and feed it into an RSACryptoServiceProvider object's "FromXMLString" method successfully.
I take the exact same RSA key to the "production" machine, store it in the DPAPI, run the code that's supposed to retrieve it and it does retrieve it, and then I feed it into "FromXMLString" (note: using the same method I did above in the test machine) and I receive a "Key not valid for use in specified state" error.
Grr. Anyways, I went browsing to see what that could mean, and someone recommended to another person on a forum that they reinstall the .NET Framework 2.0. I said "Sure, why not?"
I reinstall the .NET framework, and run it again. Now, instead of the "Key not valid" error, I get a message saying that the service is unavailable and to check the event log. I check the event log, and "aspnet_wp.exe has exited unexpectedly" is the response I get. I've made the .NET framework crap the bed, and I don't know how to fix it... tried reinstalling again to no avail.
Looked through the IIS settings, they check out.
And through it all, the test machine has worked fine, producing no errors and having no problems with the exact same RSA key.
... anyone ever run into this? I don't know how likely it is. At this point in the evening, I'm more posting this to rant and hoping that someone's somehow seen this before than I am actually expecting someone to give an answer.
I've been at this problem for longer than I can now tolerate thinking about it, but it must be fixed before the morning. So I'm taking a break from staring at the problem to rant about the problem.
Apparently the user that runs the ASP.NET Process (ASPNET) is a different user than the one who runs the .NET Runtime for the ASP.NET Process (Network Service). I gave rights to ASPNET, but not to Network Service... and, coupled with the fact that RSA keys apparently need to be stored in the Machine settings and any process that needs to use said RSA keys has to have access rights to it... well, you can guess the rest.
Once I realized this, I gave Network Service full rights to the whole Settings subfolder and it started working again. It's midnight, which makes it... 15 hours? Meh, whatever.
I have a feeling that it's not a good thing to give full rights to it, but the "production" machine is just a sales machine that's going to run some live demos with fake versions of all the sensitive bits, so I'm not too worried about someone snooping in on that. I'll have to do some reading this weekend and see what one is actually supposed to do in terms of security that'd work without just giving a blanket "full rights" to the whole folder. It seems like there should be a more elegant solution.
Anyways, this can be marked as solved... sort of.
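The follow-up post identifies the real cause (the worker-process identity had no access to the machine-level RSA key container) and fixes it by granting Network Service full rights to the whole folder. The more targeted fix is to put an ACL on the individual key container that grants the process identity read access only. The following is an added example, not code from the original poster; it uses the .NET 2.0 `CspParameters.CryptoKeySecurity` and `CryptoKeyAccessRule` APIs, and the container name `ExampleAppRsaKey` is a made-up placeholder for whatever container the application actually uses. It must be run once by an administrator on the machine.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Principal;

// Added example: grant the ASP.NET worker-process identity read-only access
// to one machine-store RSA key container instead of full control of the
// MachineKeys folder.
class KeyContainerAcl
{
    // Hypothetical container name; substitute the name the application uses.
    const string ContainerName = "ExampleAppRsaKey";

    // Identity that hosts the ASP.NET 2.0 worker process on Windows Server 2003 / IIS 6.
    static readonly NTAccount WorkerIdentity = new NTAccount("NT AUTHORITY", "NETWORK SERVICE");

    static void Main()
    {
        GrantReadAccess();
        ShowAccessRules();
    }

    // Open (or create) the machine-store container and apply an ACL that allows
    // only GenericRead to the worker identity. Nothing else on the folder changes.
    static void GrantReadAccess()
    {
        CryptoKeySecurity security = new CryptoKeySecurity();
        security.AddAccessRule(new CryptoKeyAccessRule(
            WorkerIdentity,
            CryptoKeyRights.GenericRead,   // read the key material, no delete/change-permission rights
            AccessControlType.Allow));

        CspParameters csp = new CspParameters();
        csp.KeyContainerName = ContainerName;
        csp.Flags = CspProviderFlags.UseMachineKeyStore;   // machine-level store, as the thread requires
        csp.CryptoKeySecurity = security;

        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(1024, csp))
        {
            // Persisting keeps the container (and its new ACL) on disk after the object is disposed.
            rsa.PersistKeyInCsp = true;
            Console.WriteLine("Applied read-only ACL for {0} on container '{1}'.",
                WorkerIdentity.Value, ContainerName);
        }
    }

    // Read the ACL back so the change can be verified before the web app is restarted.
    static void ShowAccessRules()
    {
        CspParameters csp = new CspParameters();
        csp.KeyContainerName = ContainerName;
        csp.Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey;

        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp))
        {
            CryptoKeySecurity security = rsa.CspKeyContainerInfo.CryptoKeySecurity;
            foreach (CryptoKeyAccessRule rule in
                     security.GetAccessRules(true, true, typeof(NTAccount)))
            {
                Console.WriteLine("{0}: {1} {2}",
                    rule.IdentityReference.Value, rule.AccessControlType, rule.CryptoKeyRights);
            }
        }
    }
}
```

The same result can be had without code: the .NET 2.0 SDK tool `aspnet_regiis.exe -pa "<ContainerName>" "NT AUTHORITY\NETWORK SERVICE"` grants an account access to a named RSA key container, and `-pr` revokes it. In either case, if the page's "Key not valid for use in specified state" error reappears, check the key container's ACL against the identity the worker process actually runs as before touching the folder permissions.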