dotnet interop: Understanding CryptoAPI "keycontainer" and "unique key container" -- dotnet interop

Understanding CryptoAPI "keycontainer" and "unique key container"

Michel Gallant
4/26/2004 10:14:57 AM

dotnet interop:

A number of folks have asked me about the naming convention used for the
CryptoAPI unique keycontainer files (Microsoft CSP keycontainer files).
These are encrypted (via DPAPI in W2k+) files holding RSA or DSA keypairs
and managed by the CSPs.

While these details are evidently WinOS-specific and developers should not rely
on this level of detail in applications, the information is nevertheless of interest to
some and may help in some troubleshooting scenarios.

Therefore, after a bit of digging, here is an article, together with some sample C# code,
showing how the keycontainer file name (the "unique key container" name) is
derived:
http://www.jensign.com/JavaScience/UniqueKeyContainer

If anyone provides information on what WinOS this is relevant, I will update the article.

- Mitch Gallant
JavaScience Consulting
www.jensign.com

Re: Understanding CryptoAPI "keycontainer" and "unique key container"

Doug Barlow
4/26/2004 4:09:00 PM

[quoted text, click to view]
update the article.

If I recall correctly, the Unique Key Container was created to deal with
roaming profiles in Windows 2000. It ensured that when migrating a profile
to a computer, that any existing keys didn't get overwritten.

Doug Barlow
The Soft Pedal Shop
http://www.SoftPedal.net