How to get to the Private Key File from a Certificate

I get this question from time to time, most often because you have to set ACLs on the private key file to allow access for worker process accounts.

There is no clean way to do that in managed code. The general procedure is:

  1. Select a certificate
  2. Create an RSACryptoServiceProvider object from the certificate’s PrivateKey property
  3. Retrieve the UniqueKeyContainerName property
  4. Search for this file name in the various locations where keys are stored. That's under ApplicationData for user keys and CommonApplicationData for machine keys

If you only want to set ACLs, there are two tools that can do that for you:

I wrote a little tool that does the above steps and displays the ACL editor via ShellExecute (with a little help of the WSE3 tool and Reflector). You could of course use this code to do your own ACLing with System.Security.AccessControl.

GetCertKeyFile.zip (10.33 KB)
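The four steps above, followed by an ACL change with System.Security.AccessControl, as an added C# sketch (this is not the code from GetCertKeyFile.zip). It assumes .NET Framework, a CAPI RSA key, a certificate in the LocalMachine\My store, and a thumbprint and account name passed on the command line; the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertKeyFile
{
    // Steps 2-4: map a certificate to the file that holds its private key.
    public static string Find(X509Certificate2 cert)
    {
        var rsa = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsa == null)
            throw new InvalidOperationException("Certificate has no CAPI RSA private key.");
        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        var folder = info.MachineKeyStore
            ? Environment.SpecialFolder.CommonApplicationData
            : Environment.SpecialFolder.ApplicationData;
        string root = Path.Combine(Environment.GetFolderPath(folder), @"Microsoft\Crypto\RSA");
        // Machine keys sit in RSA\MachineKeys, user keys in RSA\<user SID>.
        string[] hits = Directory.GetFiles(root, info.UniqueKeyContainerName, SearchOption.AllDirectories);
        if (hits.Length == 0)
            throw new FileNotFoundException("Key file not found under " + root, info.UniqueKeyContainerName);
        return hits[0];
    }

    // Add a read-only allow rule for one account and leave existing rules in place.
    public static void GrantRead(string keyFile, string account)
    {
        FileSecurity acl = File.GetAccessControl(keyFile);
        acl.AddAccessRule(new FileSystemAccessRule(account, FileSystemRights.Read, AccessControlType.Allow));
        File.SetAccessControl(keyFile, acl);
    }

    static void Main(string[] args)
    {
        // args[0]: certificate thumbprint, args[1] (optional): account to grant read access
        if (args.Length == 0) { Console.Error.WriteLine("usage: <thumbprint> [account]"); return; }
        // Step 1: select the certificate.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, args[0], false);
        store.Close();
        if (found.Count == 0) { Console.Error.WriteLine("Certificate not found."); return; }
        string file = Find(found[0]);
        Console.WriteLine(file);
        if (args.Length > 1) GrantRead(file, args[1]);
    }
}
```

Granting only FileSystemRights.Read to the specific worker process account keeps the key file's ACL as narrow as the service needs.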

 
