I have created a custom RSA key container (for encrypting connection string in web.config) using the following command:
aspnet_regiis -pc "TestKeys" -size 2048 -exp
I then exported the key to an xml file and used it to initialise an instance of RSACryptoServiceProvider so that I could check the key size was definitely 2048. However, using the code below, the key size is displayed as 1024.
using System;
using System.IO;
using System.Security.Cryptography;

class CheckKeySize
{
    static void Main()
    {
        // Import the exported container XML and report the RSA key size in bits.
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
        {
            using (FileStream fs = new FileStream(@"C:\TestKeys.xml", FileMode.Open))
            using (StreamReader sr = new StreamReader(fs))
            {
                rsa.FromXmlString(sr.ReadToEnd());
            }
            Console.WriteLine(rsa.KeySize.ToString());
        }
    }
}
It seems that aspnet_regiis is ignoring the -size argument. Am I missing something?
Also, is there a recommended key size for encrypting .Net config sections using RSA?
I ended up using the RSACryptoServiceProvider class to create the key container as it creates the keys with the size specified.
NIST recommend a key size of 3072 bits for security required beyond 2030.
Recommendations for key management – see Table 4.
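Added example, not code from either answer above: it does what the earlier answer describes (creating the named container with RSACryptoServiceProvider rather than aspnet_regiis) at the 3072-bit size the later answer cites, and adds two checks a practitioner would want: the key size read independently from the modulus length rather than the KeySize property, and a round trip through the XML export format. The container name "TestKeys" is taken from the question; the helper names OpenOrCreate, ModulusBits and Delete are my own.

```csharp
using System;
using System.Security.Cryptography;

class KeyContainerDemo
{
    // Opens the named container in the machine key store (where aspnet_regiis -pc
    // puts its containers) or creates it with the requested size if it is absent.
    // The size argument only takes effect when the container is being created;
    // opening an existing container returns whatever size it already has, so a
    // leftover 1024-bit "TestKeys" would be reported as 1024 no matter what you pass.
    static RSACryptoServiceProvider OpenOrCreate(string containerName, int keySizeBits)
    {
        var csp = new CspParameters
        {
            KeyContainerName = containerName,
            Flags = CspProviderFlags.UseMachineKeyStore
        };
        var rsa = new RSACryptoServiceProvider(keySizeBits, csp);
        rsa.PersistKeyInCsp = true;
        return rsa;
    }

    // Independent size check: modulus length in bytes * 8, read from the public
    // key parameters rather than from the KeySize property.
    static int ModulusBits(RSA rsa)
    {
        return rsa.ExportParameters(false).Modulus.Length * 8;
    }

    // Deletes a container. Only do this for a container that is not yet used to
    // protect a web.config; encrypted sections become unrecoverable otherwise.
    static void Delete(string containerName)
    {
        var csp = new CspParameters
        {
            KeyContainerName = containerName,
            Flags = CspProviderFlags.UseMachineKeyStore
        };
        using (var rsa = new RSACryptoServiceProvider(csp))
        {
            rsa.PersistKeyInCsp = false; // container is removed when the object is cleared
            rsa.Clear();
        }
    }

    static void Main()
    {
        const string name = "TestKeys"; // assumed: the container name from the question
        const int wanted = 3072;        // the NIST figure quoted in the answer above

        using (var rsa = OpenOrCreate(name, wanted))
        {
            int actual = ModulusBits(rsa);
            Console.WriteLine("{0}: KeySize={1}, modulus={2} bits", name, rsa.KeySize, actual);
            if (actual != wanted)
            {
                Console.WriteLine("Container already existed at a different size; " +
                                  "call Delete(\"{0}\") and re-run to create it at {1} bits.",
                                  name, wanted);
                return;
            }

            // Round-trip through the XML format (what aspnet_regiis -px ... -pri writes)
            // and confirm the size survives the export/import.
            string xml = rsa.ToXmlString(true);
            using (var check = new RSACryptoServiceProvider())
            {
                check.FromXmlString(xml);
                Console.WriteLine("Re-imported: KeySize={0}, modulus={1} bits",
                                  check.KeySize, ModulusBits(check));
            }
        }
    }
}
```

Run it elevated, since the machine key store is used, and on Windows only: the CspParameters-based API is the legacy CryptoAPI provider and is not available on other platforms. The two printed sizes should agree; if KeySize and the modulus length ever differ, trust the modulus.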