You are trying to contain the key using the
System.Security.Cryptography.RSACryptServiceProvider class.I have to specify a container name, but what do you specify for this container name and how do you manage it?
If you know the name of the container and you can get the stored key, it seems to me that the name of the container is an important value equivalent to the key or password.c# .net security
I think that access control lists (
CryptoKeySecurity), not container names, should prevent untrusted users from accessing.
Conversely, if you want to prevent users with legitimate application execution privileges from viewing the private key in an unauthorized way, you should manage the key not on your local machine, but in a web application or other place where you cannot directly access it.
© 2023 OneMinuteCode. All rights reserved.